Vulnerability Android

Update 10-08-2015:

Several suppliers will deliver some updates this week.

There is an app which will check if the contamination is resolved.


A vulnerability is discovered in one of the core utilities in Android.

This utility converts movies to be shown on your device. This all happens automatically in a large number of messaging apps like MMS, Google Hangouts etc.

What happens?

This is a big problem because the user doesn't need to perform any action to trigger this vulnerability. The utility starts working on the video as soon as it arrives, sometimes before the user is aware of it. The user might not even detect the infection when the attacker removes the message and the movie after taking control of your device.

How to prevent this?

A patch is available but not for all devices. Some manufacturers do not update their devices. The manufacturers of our devices, HTC and Samsung, haven't given us any indication they will be patching this vulnerability.

When we have more information we will update this page.

In the meantime some workarounds are available. Which workaround is available depends on the device and the app used to send and receive messages with imbedded movies.

1) Disable automatic downloading and/or processing of movies.

2) Configure your app to only accept movies from friends. This does not prevent you from receiving movies from friends who are already infected.

3) If your provider supports MMS, remove the corresponding APN. Most Dutch providers do not support MMS anymore. If you remove APN's be careful not to remove the APN for your internet connection.