A vulnerability has been discovered in the Android operating system that allows a remote attacker to access your entire device, including all apps, data and camera simply by having your mobile phone number. This is vulnerability is being referred to as “StageFright”. All Android based phones after and including versions 2.2 are vulnerable.
An attacker can use your mobile number to remotely execute code using a “specially crafted media file”, such as a picture or video, delivered via text message. You are especially vulnerable if you have your device configured to auto-download media in your messaging apps. You don’t even have to view the message for the attack to succeed!
Google has issued a patch for its Nexus devices. Manufacturers of other Android devices have not done this, yet. In lieu of a patch, ITS recommends preventing auto-downloading of SMS and MMS messages on your Android device to protect yourself.