This is a quick post as I’m a but busy at the moment, but it’s worth saying something about it this serious Android security flaw.
As I understand it, there is a buffer over run problem with the decoder for MMS messages. On receipt and decoding of a specially crafted MMS an attacker can get control of the process,
which on Android 4 or later means access to SD card data, your camera and microphone and other awkward stuff. On Android 2 they get the whole phone. I’ve yet to be convinced that this is a game over type problem on Android 4 but it bad enough. On earlier versions of Android, it’s a complete disaster.
The solution, of course, is to get a software update from your phone manufacturer. Good luck waiting for that to arrive.
My advice in the meantime is to disable MMS messages completely. I do this by default, because I think they are ridiculously overpriced and there are plenty of other alternatives such as email or even Instagram (so I’m told buy the teenagers hereabouts).
If you want to disable MMS, proceed as follows:
Go to phone settings. The last entry under Wireless and Networks will be More…
Here you will find “Mobile networks”, and under there will be ” Access point names”. On dual SIM phones you will now have to choose each SIM in turn, otherwise you’ll go straight to a list of profiles. This list may contain only one entry.
Choose the entry that is selected, i.e the one you are using. What you will find next depends on the version of Android you have. However somewhere down the list there will be an MMS service centre URL, beginning with HTTP and looking like a web address. Simply delete the contents of this field, and while you are at it, remove the entry for MMS proxy if you have one. This tends to be a dotted quad i.e. an IP address.
Just save this, and you will not be able to send or receive MMS messages from your phone.