Android’s Stagefright Puts Millions of Users at Risk

September 14, 2015, Written By John H. Oldshue
Kiev Ukraine - September 24 2014: Close-up shot of brand new Google Nexus 5 powered by Android 4.4 version with Android logotype on a screen.

On September 12, mobile security company Lookout e-mailed users to alert them of a security vulnerability called Stagefright, which allows an attacker to control and steal data from Android devices by sending infected multimedia messages (MMS). Stagefright is used on 95% of Android devices, so it affects nearly one billion people worldwide.

Worst of all, users don’t need to open the message to be infected. The message will automatically be downloaded to the device.

Zimperium, a mobile security firm, initially discovered the vulnerability earlier this summer. Stagefright gives hackers access to all of the data stored on your phone, including bank information, the phone’s camera and microphone, contacts and photos.

Many apps can be used to exploit Stagefright, including Google Hangouts, Android’s default messenger app. Smartphones with Android 2.2 are vulnerable, and anyone with a version prior to Jelly Bean is at the highest risk.

Nvidia has said its latest update for its Shield tablets has a security patch for Stagefright, and Google told PCMag that many Nexus devices have already been fixed. To see if an update is available for your device, Lookout recommends going to “Settings” on your phone and clicking, “System Updates.”

In its e-mail to users, Lookout provided a link to download their new Stagefright detector app. It will tell you whether your device is vulnerable, and once a patch is released, the app will be able to analyze whether it worked. Zimperium has similar software available.

All major cell phone manufacturers and Google are working to patch the vulnerability. Until then, consider downloading a mobile security app to protect your device.

The information contained within this article was accurate as of September 14, 2015. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.