NPR reported recently on the flaw at length and says that several phone developers including HTC, Silent Circle, HTC and Google have all accepted the patch and have either pushed it to users or plan to soon. T-Mobile, as well, has publicly committed to users that it will work towards getting this hole patched before it becomes a problem.. This is a good news/bad news situation though. We’ll start with the bad news. The bad news is while other developers are working on fixes, presumably, there is a good chance that older devices might not get the patch quickly as some phone developers and wireless companies are notoriously slow about updates. Both NPR and the original researcher who discovered the hole have all said that it is unlikely that the security breach has been utilized as much as it could be. The good news is that if you have a newer version of Android (4.4 or higher) there is a way to minimize the risk of the malicious code being downloaded without your knowledge simply by changing the settings in your messaging app. Here are the steps:
- Open the Messenger app
- Click the three dots in the upper right hand corner, then Settings
- Tap Multimedia Messages
- Uncheck the box that says Auto-retrieve.