Android 'Stagefright' Bug Leaves Up To 950 Million Devices At Risk

Update your phone's software as soon as you can.

Android owners beware: Your device is likely at risk for malware that's transmitted via text message.

The security flaw was discovered by Joshua Drake at Zimperium zLabs back in April. He informed Google, which makes the operating system, then publicized the bug on Zimperium's blog Monday. Wired reports the malware is able to target any smartphone running Android 2.2 or later. That version of the operating system was introduced in 2010, so it's a good bet your device is at risk.

Thomas Fox-Brewster of Forbes reported the problem has to do with Stagefright, a tool that allows phones to play media. According to Forbes, an attacker could send a specific type of multimedia message, or MMS, to an individual's phone and pilfer their data, including photographs and video. The attacker could also take new pictures or record audio from a compromised device. Perhaps worst of all, the bug is able to infect phones without users actually opening anything themselves.

"You don’t have to try to play the media or anything, you just have to look at it,” Drake told Forbes.

Drake declined to be interviewed for this article due to a hectic work schedule, but a representative for Google told HuffPost that fixes are already on the way.

"The security of Android users is extremely important to us, so we've already responded quickly to this issue by sending the fix for all Android devices to our partners," the spokeswoman said.

Unfortunately, Google has many partners. Phone manufacturers like Samsung or Motorola are ultimately responsible for patching their devices, and those patches have to move through carriers like Verizon or AT&T.

"This is a perennial problem with Android," cyber security expert Bruce Schneier told HuffPost. "Unlike iOS, where your phone comes from Apple and Apple can flick a switch tomorrow and every phone gets updated."

There's a benefit to Android working with so many different companies: More competition means a diverse line of products and cheaper options for consumers. But when major security bugs arise, it's difficult for all users to have their phones patched at once, Schneier said.

So, Google's cooked up a fix, but someone else has to serve it to you.

It's unclear when that will happen. Keep your eyes peeled for a prompt to update your phone's software, and don't procrastinate when it becomes available. The silver lining is that the problem has not been found to actually affect any phones yet -- but you certainly don't want to be the first.

Popular in the Community


What's Hot