In case you haven’t heard, it’s possible to hack into about a billion Android phones by sending them a text message with a specially crafted picture or video attached.
Google has a fix. The carriers and phone makers are taking their sweet time pushing it out. They may never do it. Here’s how to protect yourself.
First, here’s the problem: A stranger can send you the text message, take over your phone, then remove any trace of having ever done so. So you can literally get a message while you’re sleeping, lose control of your phone, and never know it. You can’t count on antivirus software intercepting the bad media either–hiding from antivirus software isn’t all that difficult to do, and if the media gets rendered before the phone writes it to storage, antivirus never gets a chance to examine it.
Here’s the solution, in a nutshell. I have to be fairly generic because I did this yesterday on eight different phones and each one was slightly different.
First, pull up your text messages. Next, pull up the menu in the app–the button may look like three dots or it may look like a popup menu, depending on your phone. One of the options will be labeled “Settings.” Scroll down to the section titled MMS Messaging, and uncheck the box that says “Auto-retrieve” or “Automatically retrieve messages,” or something similar.
Do the same thing in Google Hangouts, if your phone has Hangouts on it. Not all do, necessarily.
Once you do that, when someone sends you a picture or a video attached to a text message, you’ll have to tap to retrieve it. If someone you don’t know sends you one, don’t open it.
I’m not a fan of automatically opening and rendering content anyway. That caused a lot of problems in the 90s in the early days of Microsoft Outlook. That’s why I plan on leaving this setting disabled even after my phone gets the patch.
Staying safe will require a change in behavior–if you get a random text from someone you don’t know with a picture attached, don’t open it. That’s good practice anyway, but sometimes we forget the phones we carry are computers in their own right.