Android devices are designed to automatically download or retrieve videos sent via MMS. This automated system was exploited by hackers a few years back in order to remotely run a code via MMS or when a user visits a malicious website or a click a compromised link. While StageFright, a name for a group of bugs, is already obsolete at this time, it can still be used in some select situations. In this troubleshooting, we’ll tell you how to address the issue if your phone happens to be hacked, as demonstrated by one user below, using this exploit.
What to do if your Galaxy J7 has been hacked by StageFright
I’ve had issues with approximately 10 devices for about 4 years now.anow. At 1st i was pretty much clueless and had no knowledge or experience with computers beyond typing in a URL. i am going to try to spare you unnecessary details and hope you don’t dismiss me thinking i’m crazy.lol.icrazy.lol.
i’ve been through 3 tablets and at least 8 phones. all seemed well.then the usual signs appeared about 2 weeks ago:
- disappearing options
- downloads i didnt make
- always changing media files that i never support the format of
- APNs added
i searched the name of the 1 just added to my network. Google says it’s a hack called “STAGE FRIGHT.” I have a very good idea who is responsible. well, responsible for the most recent problems and the headaches and stress from the beginning of me being violated. i really just would like to know how to eliminate them as administrator of my devices and keep them from accessing my files and OS.
Also it would be amazing to be able to have the countless files, data, media etc. that has been stolen from me. im confident that if you took a peek at my system reports that you would recognize a mountain of proof of my problems. Thank you.
I have been too worried to trust anyone and havent wanted to burden others with my problems. Also, i have tolerated not having luxuries that computers offer and have allowed myself to be held back and at a huge disadvantage in life by allowing this to go on.i hope this effort proves to be a wise choice and positive things come from reaching out to you ?
Solution: StageFright exploits are not new and they’ve around for a few years now so it’s relatively easy to deal with at this time. Below are the things that you can do on your end.
Create a backup of your data
Fixing your phone in this situation requires a factory reset so you want to make sure that you create a copy of your important photos, videos, contacts, messages, etc. To back them all up in one fell swoop, you can use Samsung Smart Switch app. If you don’t have a computer, you can also install Smart Switch to another Android or non-Android device.
Another way to create a back up is to store your files to the cloud. Samsung and Google both offers limited cloud capacity for free. Other third party companies like Microsoft also do have free cloud offers so take advantage of them to keep your files safe.
Clean up the system
If you’ve positively identified that your device has been hacked, the first thing that you want to do is to return all its software information to their defaults. This will ensure that any app or malicious software installed in the system are removed. This is a necessary first step in this situation. You don’t want to the rest of the steps below without having to factory reset your device.
- Turn off the device.
- Press and hold the Volume Up key and the Bixby key, then press and hold the Power key.
- When the green Android logo displays, release all keys (‘Installing system update’ will show for about 30 – 60 seconds before showing the Android system recovery menu options).
- Press the Volume down key several times to highlight ‘wipe data / factory reset’.
- Press Power button to select.
- Press the Volume down key until ‘Yes — delete all user data’ is highlighted.
- Press Power button to select and start the master reset.
- When the master reset is complete, ‘Reboot system now’ is highlighted.
- Press the Power key to restart the device.
Install Android Nougat or above
Google has already addressed StageFright vulnerabilities so all you have to do is to keep your software up-to-date. Make sure that you install Android Nougat to avoid falling prey to malicious attacks from StageFright attacks.
Turn off MMS auto-retrieval
The most common avenue of StageFright attacks is via text messaging. One of the ways to make it harder for a bad guy to use the exploits is to disable MMS Auto-retrieval. If you are using Samsung Messages app, you can turn off MMS Auto-retrieval with these steps:
- Open Samsung Messages app.
- Tap three-dot icon at the upper right.
- Tap Settings.
- Tap More settings.
- Tap Multimedia messages.
- Turn off Auto retrieve.
Keep in mind that StageFright may use MMS videos as an entry point. If you are using a non-Samsung text messaging app, be sure to also disable its Auto-retrieve function for MMS to avoid the app from automatically getting MMS and playing it without your knowledge.
Only install official or safe apps
One of the methods used by hackers to use StageFright vulnerabilities to attack an Android device is by inserting a bad code in an app. Needless to say, it falls on your shoulders to keep your system safe by installing apps from reputable sources only. If you don’t do this, it’s only a matter of time before your phone becomes infected with other malicious apps.
Before you install any app, especially those from unknown developers, be sure to check the reviews of other users.
As much as possible, you also want to only install apps from official developers only. A lot of times, users who are not careful with the apps they add on their device become targets of hacks later on. Some apps are designed to initially look legit. Later on, they can install updates that would then allow other apps to be installed without user knowledge, or create a backdoor so a developer can steal information or take over the device itself. Be sure to invest time in checking the reputation of developers of apps you install in your device to avoid installing bad codes in your system after a factory reset.
As much as possible, only install apps from Google Play Store. If you can’t help getting an app outside of the Play Store, there’s greater chance that it comes from an untrusted developer. Make sure that you do enough research to know the background of the developer or the app that you’re installing. Remember, even bad apps manage to slip past Google’s stringent filtering system. Such filtering system does not exist when getting apps from outside sources so there’s an even greater chance of putting your device at risk.
Avoid visiting suspicious sites
Another great way to getting hacked is by visiting booby-trapped websites. Some websites may bait users on clicking links that automatically runs codes to take over your device, install malicious apps, or steal information. If you’re fond of visiting such websites, be ready to accept whatever consequences that may occur. Antivirus apps can only do so much in making sure you’re protected. Just remember, you are the first line of defense when it comes to digital security. If your phone gets hacked again after a factory reset, you must be doing some lousy security procedures.
Report hacking to local enforcement
Some hacks are simply too sophisticated for even security conscious individuals. If your device gets hacked again and again and you’re afraid you’re losing personal data or risking privacy, report the incident to your local enforcement teams. This can be helpful especially if you have an idea who may be hacking your device in the first place.