It looks like Google and all Android manufacturers have a very serious issue on their hands. A new security flaw was discovered in Stagefright, the media playback tool that Android uses, that allows an MMS message to seriously compromise your device. And worst of all, it affects almost all Android devices since Android 2.2.
The way it works is an attacker only needs to know your phone number. They send you an infected MMS message, which often doesn’t need to be opened to be activated. Many SMS apps auto-retrieve MMS messages for quick viewing, meaning you’ll be infected in the background. This allows access to photos stored on SD cards, Bluetooth, and even activating recording of audio and video.
Google is aware of the bugs and the guys who found the exploits have submitted patches that Google will be pushing out. Nexus devices will likely be getting the fixes first, though it’s known that the Nexus 6 isn’t even safe at the moment. When it comes to other devices… good luck. An update might not be available for a while.
I don’t know if it’ll help, but set auto-retrieve MMS to off in your messaging app of choice, and don’t open MMS messages from strange numbers. Stay safe and hope the next update fixes what may be the worst Android security flaw ever found.