Motorola Releases Stagefright Patch To Carriers

Motorola announced that it will create and release a patch for the Stagefright vulnerabilities to carriers today, August 10. The company hasn’t announced whether it will also continue to release security patches for its devices every month, the same way Google, Samsung and LG promised last week.

The Stagefright vulnerabilities (found by the security team at Zimperium, who later alerted Google about it) allow malicious attackers to send an MMS message with embedded malware that is automatically retrieved by most SMS clients or IMs with SMS capabilities.

The malware would then require no action from the user in order to install itself on the phone, which, combined with the vast distribution capability of the MMS infrastructure, is what makes it so dangerous.

Motorola said it was notified by Google in June about the bugs, and its newly announced smartphones including the Moto X Style, Moto X Play and Moto G 3rd gen will include the patch. In some regions, where the Moto G 3rd gen has already started shipping, the patch isn’t integrated into the software, but those phones will be updated soon.

As for the other phones, Motorola will offer an update to the carriers for testing and approval. The list of smartphones that will receive it includes:

Moto X Style (patched from launch)Moto X Play (patched from launch)Moto X (1st Gen, 2nd Gen)Moto X ProMoto Maxx/TurboMoto G (1st Gen, 2nd Gen, 3rd Gen)Moto G with 4G LTE (1st Gen, 2nd Gen)Moto E (1st Gen, 2nd Gen)Moto E with 4G LTE (2nd Gen)DROID TurboDROID Ultra/Mini/Maxx

Motorola will begin sending this update to carriers today, but the company also said that the carriers have different requirements, which result in unique variants of the software. According to Motorola, there are over 200 variants of software that the company is working to patch, test and deploy. The company will prioritize the software that covers the largest groups of users at first.

When the patch is available, users should receive a notification about an update. They can also check periodically at Settings>About Phone>System Updates to see if they received an update.

If you’re not one of the the lucky ones to receive an update, Motorola recommended the following instructions to protect yourself against this type of exploit for the listed apps.

Messaging: go to Settings. Uncheck “Auto-retrieve MMS.”Hangouts (if enabled for SMS; if greyed-out, no need to take action): go to Settings > SMS. Uncheck auto retrieve MMS.Verizon Message+: go to Settings > Advanced settings. Uncheck Auto-retrieve. Uncheck “Enable weblink preview.”Whatsapp Messenger: go to Settings > Chat settings > Media auto-download. Disable all video auto downloads under “When using mobile data,” “When connected on Wi-Fi” and “When roaming.”Handcent Next SMS: go to settings>Receive message settings. Disable auto retrieve.

Follow us @tomshardware, on Facebook and on Google+.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • firefyte
    I wonder how their statements apply for those without a carrier, having purchased their phones directly from retail and outside the US.
    Reply
  • MyDocuments
    Small wonder that there are fewer handset manufacturers nowadays what with having to pander to so many networks and therefore software variants. It must be nice to be Apple with their take it or leave it attitude towards the carriers. I guess Apple with never really be on an equal footing with any other manufacturer.
    Reply
  • Wild Biker Bill
    I wonder how their statements apply for those without a carrier, having purchased their phones directly from retail and outside the US.

    Bingo. I have a Moto G 1st Generation which I use as the Android equivalent of an iPod Touch. I neither want or need an additional data plan! Wifi gets me everywhere I need to go with this.
    Reply