Six critical vulnerabilities have left 95 per cent of Google Android phones open to an attack delivered by a simple multimedia text, a mobile security expert warned today. In some cases, where phones parse the attack code prior to the message being opened, the exploits are silent and the user would have little chance of defending their data.

via: http://www.forbes.com/sites/thomasbrewster/2015/07/27/android-text-attacks/

Still trying to process what one can easily do about this (apart from disabling network access and turning off one's affected Android devices -- may be it's important to be careful about what one does after turning it back on too...).

Some related info:

  http://www.theregister.co.uk/2015/07/27/android_phone_text_flaw/
  https://threatpost.com/android-stagefright-flaws-put-950-million-devices-at-risk/113960
  http://it.slashdot.org/story/15/07/27/1416257/stagefright-flaw-compromise-android-with-just-a-text

Worth checking one's access point settings and https-running web server configuration?

Almost a third of the world's encrypted Web connections can be cracked using an exploit that's growing increasingly practical, computer scientists warned Wednesday. They said the attack technique on a cryptographic cipher known as RC4 can also be used to break into wireless networks protected by the Wi-Fi Protected Access Temporal Key Integrity Protocol.

via: http://arstechnica.com/security/2015/07/once-theoretical-crypto-attack-against-https-now-verges-on-practicality/

---

Upstream site and paper:

http://www.rc4nomore.com/
http://www.rc4nomore.com/vanhoef-usenix2015.pdf

Quotes from site:

When you visit a website, and the browser's address bar contains a lock icon , the HTTPS protocol is used to protect your communication with this website (providing security and privacy). HTTPS supports several encryption techniques, one of them being the famous RC4 algorithm. At one point RC4 was used 50% of the time, with the latest estimate being 30%. Our RC4 NOMORE attack exposes weaknesses in this RC4 encryption algorithm. More precisely, in most situations where RC4 is used, these weaknesses can be used to reveal information which was previously thought to be safely encrypted.

Is WPA-TKIP also vulnerable?

Yes. We can break a WPA-TKIP network within an hour. More precisely, after successfully executing the attack, an attacker can decrypt and inject arbitrary packets sent towards a client. In general, any protocol using RC4 should be considered vulnerable.