Openmind Networks’ Multimedia Messaging Service Centre (MMSC) offers operators the security they need to block the Stagefright vulnerability on Android devices.
There has been a lot of press recently about a security flaw on the Android operating system called Stagefright. The vulnerability allows an attacker to execute code through a fake multimedia message (MMS) which contains a malformed video file. Due to the nature of the MMS service and its auto-download capabilities, the user may not even have to view the message for an attack to happen. For a good overview of the vulnerability please see the following article, which states that 94.1% of all Android devices in use today are affected – http://blog.trendmicro.com/trendlabs-security-intelligence/mms-not-the-only-attack-vector-for-stagefright/
It should be noted, that MMS is not the only way to exploit Stagefright, as researchers have shown ways to exploit the vulnerability from a URL or within an application, although in these cases the user must manually retrieve the media, so the attack is not considered as dangerous as the MMS vulnerability.
Google and many handset manufacturers have already released updates to the affected Android handsets, but in many cases subscribers do not choose to accept updates to their devices or they are very slow to update their devices.
This has lead to some operators implementing protective measures such as disabling the auto-download of the MMS service. While this will ensure Android devices are not affected, it also damages the perception of the MMS service, and hence MMS revenues.
Openmind’s MMSC is capable of detecting and removing malicious multimedia elements from within MMS messages. Therefore we can offer an alternative for operators, which ensures that their MMS service continues as normal, and which removes the threat of these malformed video files affecting Android users. In this way, the recipient of a multimedia message can be secure in the knowledge that they will not be able to download content that could lead to exploitation of the stagefright vulnerability.