Photo - Dr Amirudin Abdul Wahab, Chief Executive Officer of CyberSecurity Malaysia.
In tandem with global alerts of a vulnerability called 'Stagefright Bug', Malaysia's national cyber security specialist agency CyberSecurity Malaysia has issued a warning to all Malaysian users of Android smartphone devices including tablets.
Speaking on Friday, 31 July 2015, Dr Amirudin Abdul Wahab, chief executive officer of CyberSecurity Malaysia, said that devices running Android 2.2 to 5.1.1_r4 make be affected by this "highly damaging vulnerability whereby an attacker is able to take control of an android device by sending a specially crafted multimedia message."
"The 'Stagefright Bug' is named after a part in the Android operating system called Stagefright, which helps phones and tablets display media content," said Dr Amirudin.
"Recently, a security researcher has discovered that this vulnerability can exploit security weaknesses in Android devices," he said.
"Unfortunately, only the latest Android smartphones are receiving the security patch. For most android phones issued from 2010 till early 2015 - there are no fixes available yet," said Dr Amirudin.
He said some security researchers have called the 'Stagefright Bug' the 'Heartbleed for mobile' due to similarity with the deadly Heartbleed in terms of severity of damage caused, where millions of devices were impacted.
CyberSecurity Malaysia's advisory on its technical website - MyCert.org.my - under 'services' and 'advisories'
includes the following advice:
1. Search for 'software update' and install. Google has released Android 5.1.1_r5 to address these issues. Note that not all phones with Android 5.1.1 (Lollipop) have this patch applied; patchlevel r5 or above must be installed.
2. Contact your telco or mobile phone company. The update may or may not be available for your phone. Contact your cell phone carrier or manufacturer for update information.
3. Block all text messages from unknown senders. Blocking all text messages from unknown senders in your default text message handling app may mitigate this issue.
4. Turn off "Auto Retrieve" for multimedia messages like photos, audios and videos. If your default text messaging app does not allow blocking of senders, you may also disable the auto retrieve feature for multimedia messages. This may prevent the autoloading of MMS content into Stagefright.
Sign up for CIO Asia eNewsletters.