The "Stagefright" Android Bug Will Let An Attacker Hack Into Your Phone With Just One Sent Message
Do you remember a few months ago, when news went around that there was a text message you could send to iPhones that would completely shut them down? People were freaked, and rightly so. But I've got unfortunate news for you. There's a new terrifying phone message that will harm your phone without your doing anything, but there are two key differences: 1) This time, it's targeting Androids, and 2) It's a lot worse. It's called the "Stagefright" hack. Unlike the iPhone message, which, when received, just shut down the recipient's phone, the Stagefright message is built in a way that allows attackers to actually hack into your phone, giving them access to your device, your storage, your camera, and your microphone. According to Wired, it's the "one of the worst Android vulnerabilities discovered to date."
Not cool, right? According to Forbes, researchers claim that most — about 95 percent — of Android devices are susceptible to the text. But there are fixes in place. A Google spokesperson told Tech Crunch:
The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device.
Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device.
Although Google has already implemented fixes that will patch up your phone with a simple update, Tech Crunch reports that it's up to device manufacturers to push the update out. So if you have an older model phone that doesn't get updates often, it might take longer to get the patch, or you might not get one at all.
If we look on the "bright" side, this message isn't as nearly as easy to send as the iPhone message was. While the iPhone shutdown text could be sent by "friends" to "friends," the Stagefright hack is more sophisticated, modifying the code in a video message in order to access the phone's information. But, to give you a little more bad news with that small dose of silver lining, this message can do harm to your phone even if you never open it. And the attacker can delete the message themselves, so you'd never have any idea that someone is currently looking at all your data. According to Wired, researchers at Zimperium zLabs, who discovered the bug, said:
If 'Heartbleed' from the PC era sends chill down your spine, this is much worse.
So. There's that. Zimperium doesn't think the flaw has yet become widely known enough that many people are exploiting it, but the vulnerability is still incredibly dangerous. There's not much else you can do, besides update your phone immediately and watch for any strange messages that may pop up. If your phone manufacturer has yet to push out an update, contact the company and ask it to do so. For now, at least, HTC has said all updates to phones from now on will include the fix.
Images: Getty Images (2)