According to media reports Android devices are currently affected by a security vulnerability. An American researcher has found a vulnerability in a system component ("Stagefright" and others) that is used to play media files. All Android devices can be affected by it – independently of the network operator. The vulnerability affects media files regardless of how they are received (via MMS, WhatsApp, Hangouts, Facebook, YouTube and so on). The criminal abuse is made possible through opened media files (audio, video, photo) that are being received through any service. The malware then can distribute itself via the contacts library of the device.
To protect our customers Deutsche Telekom will temporarily switch from automatic to manual download of MMS messages as of August 5, 2015. As a result of this change, potentially infected MMS messages will no longer be downloaded automatically without user action. When they receive an MMS, customers will receive an SMS with the note "You have a new MMS. You can download it within three days at the following link (with your login data)." The content of the MMS can be retrieved through the link and with specification of the login credentials. The file could still be infected, however, which is why customers should exercise caution when downloading and opening files – as is the case for all media files.
Deutsche Telekom is working with the vendors to find a way to close this security gap. As soon as a solution becomes available, we will change back to "normal" MMS dispatch.