ZTE phone hacked with Stagefright. What are my options?

JonathanRabson

New member
Jun 27, 2021
I saw a text message thread in the Messages icon and opened it, thinking maybe it was from someone I know. When I opened the thread, it seemed to be trying to download a picture or video. Then I noticed that the message thread no longer appeared in the messages list. I did some research and realized I must have been hacked with the Stagefright vulnerability; the MMS downloaded automatically when I opened the thread, and this must have executed something with a buffer overflow hack; the fact that the message thread disappeared means that the hack was successful. I was not connected to wireless at the time and do not have a data plan. I looked for files, apps, downloads, and didn't see anything that I would know would be suspicious, but there are a lot of system apps, so I don't know what to look for, and I don't know if maybe existing apps are infected now. I saw Hangouts was active for some reason, so I stopped the service, and rebooted the phone.

I have no idea what it executed on the phone and what sleeper cell may be in there. I figure that as long as I never turn the wireless on again, I might still be able to use the phone to make calls (although maybe it's doing stuff through SMS that I don't know?)

I have pictures that I would like to upload but am scared of connecting to the internet, or even having Bluetooth connected if it might hack my car.

What are my options, short of doing a factory reset or buying a new phone?
 

Kizzy Catwoman

Ambassador
Feb 2, 2017
Firstly, back up your phone with an on-the-go USB flash drive. Back up the photos and any documents you may need to keep. Then do a factory reset and set up your phone from scratch. This is the only way to wipe any virus you may have triggered. You can get a USB-C (is it a USB-C charging point?) flash drive from Amazon for a few dollars or pounds. Don't connect to the Internet by phone until you have backed up those files manually.

That is what I would do at this point.
 

B. Diddy

Senior Ambassador
Moderator
Mar 9, 2012
Welcome to Android Central! Which ZTE phone do you have, and what Android version is it running? Stagefright is a pretty old vulnerability, and it was patched a while ago on Nougat. Android 10 gave even further protection against attacks like this. This is a good example of why system updates are important.

If you have a really old device running Marshmallow or earlier, then your concerns may be valid. If you have one running Nougat or later, then it's probably not Stagefright.

Do you recall exactly what the message looked like? If it simply said "Tap to Download," that could have been an MMS message (like a picture text or group text) sent from an actual contact of yours that wasn't able to come through due to problems with your mobile data (e.g., if it was turned off, or if your reception was poor). MMS requires mobile data, so if the phone can't access your mobile data, you'll see that kind of message.
 

JonathanRabson

New member
Jun 27, 2021
Hi, thanks for the advice. Yeah, I looked it up; it had a really old Android version and Z812 phone. I don't remember exactly what the message looked like except that something was loading, and I think maybe something black came up for a split second.
 

B. Diddy

Senior Ambassador
Moderator
Mar 9, 2012
This would be a good time to upgrade your phone to a more current one. Even if you ended up dodging a bullet with this ZTE phone, the fact that it's so old means that you remain highly vulnerable to various attacks.

It's not clear to me what a hacker could do with the Stagefright vulnerability -- it looks like it basically opens a phone up so that a hacker can execute other code. Although it's unlikely that they could suddenly gain access to your sensitive accounts, this would still be a good time to change the passwords for these accounts, and make sure they're very strong passwords (i.e., not easy for anyone to guess -- no obvious words or dates that could be important to you). Also use 2-factor authentication wherever you can.
 
