A couple of weeks ago, an Austin researcher spoke at the security conference Blackhat on flaws he had found in Android software. Commonly called "StageFright," the flaws could allow a malicious hacker to take control of a phone or tablet by simply sending a specially crafted multimedia message. The device would automatically download the message and have it ready for you to view, thus compromising the device without you having to even view the message.
At the time, there was no fix available, so I wrote a description of how to minimize the risk by disabling auto-retrieve for multimedia messages. Various phone makers and cellular carriers are beginning to roll out an update to fix* the flaw. Following are step-by-step instructions for checking to see if an update is available for your phone. I demonstrated the update using a Samsung Galaxy S5 running Android 5.1 (aka "Lollipop"); the screens and menus for other phones and versions will differ somewhat but the menu selections should be essentially the same.
*Research firm ExodusIntel found that the initial fix is not a complete patch and can still be exploited, albeit with a slightly different payload. Still, better to be partially protected than fully unprotected.
Checking for available updates on Android
Step 1: Swipe down from the top and find the "gear" icon to open the Settings menu.
Step 2: Click the "System updates" option at the bottom of the Settings menu.
Step 3: On the System updated popup screen, click "Check for new system update"
Step 4: Your device will check to see if an update is available.
Step 5: If an update is available, your device will download the new update, and when ready show a screen saying "Software update ready to install." You can choose to install now, or can schedule the update to occur at a later time (for example, while you are asleep).
Step 6: After the update completes, you will see a screen saying the software update is complete.
If no updates are currently available - or if you have already installed the latest update, you will see this message after selecting "check for new system update."
