Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Stagefright Vulnerability Leaves 950M Android Phones At Risk of Hacking

by Fox Van Allen on July 27, 2015

Stagefright Vulnerability logoAndroid users beware: A security researcher is warning about a dangerous new vulnerability called Stagefright present in most versions of the mobile operating system (Android 2.2 and later). A hacker could use the flaw to steal data from your phone, spy on your conversations and potentially install other malware programs. An estimated 950 million Android phones – as many as 95% of all Android devices currently in use – could be affected.

According to Joshua Drake, the white hat researcher from Zimperium zLabs who discovered the problem, the security hole lies in the Stagefright media playback program in Android. It leaves devices vulnerable to attack via multimedia messaging (MMS) apps like Messenger and Google Hangouts. In Google Hangouts, Drake notes, MMS attacks “trigger immediately before you even look at your phone, before you even get the notification.” If a hacker knows your phone number, he could compromise your device simply by sending you a message.

“I’ve done a lot of testing on an Ice Cream Sandwich Galaxy Nexus where the default MMS is the messaging application Messenger. That one does not trigger automatically but if you look at the MMS, it triggers, you don’t have to play the media or anything, you just have to look at it,” Drake told Forbes. A hacker could even delete the message after its malware payload has been delivered, erasing the evidence that your phone has been compromised.

Drake first notified Google of the Stagefright vulnerability on April 9, and sent the company software patches to fix the problem. He has since reported and offered patches for six more vulnerabilities. Google has accepted the patches, but it could take another month or two for all of them to make their way to your phone. Even Google’s own Nexus 6 with up-to-date firmware is only protected against some of the vulnerabilities (as of this writing).

Thankfully, there are no known instances of this vulnerability being exploited. That said, it’s impossible to stay 100% protected from attack until your device is patched. Make sure you install software updates for your Android phones and tablets as soon as they’re available. You might want to stay away from using Google Hangouts for messaging in the meantime. You should also ignore unexpected messages from unknown sources.

[Image credit: Zimperium]


Topics

Phones and Mobile, News, Android Apps, Blog


Discussion loading

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.