A little more than a year ago, the Heartbleed bug made headlines, due to its potential to expose millions of usernames and passwords to hackers. While that security issue is all but forgotten by most people today, there is a new, possibly more dangerous, security vulnerability on the horizon: Stagefright.
What Is Stagefright?
Simply put, Stagefright is a bug that has the potential to infect up to 95 percent of all Android device users. While the researchers who discovered the bug believe that it is the most dangerous to those running Android 2.2 or higher, some experts believe that all users are at risk, since those using older or non-updated devices don’t have the same security infrastructure as the newer devices. Either way, millions of devices are at risk — and it’s serious.
Stagefright, unlike most malware that requires a user to actually download and install the application in order for it to take hold, can actually be sent by a simple text message, and you don’t even have to open the message to be infected. Basically, all a hacker needs is your phone number, and he or she can send malware that has the potential to allow the phone to be “hijacked.”
When that happens, the hacker can gain access to your contacts and messages, steal other data on the device (like passwords), and take over the device’s camera and microphone, allowing them to spy on you. What makes this bug even more frightening is the fact that hackers, once they gain control of your device, can erase the offending text, so the user doesn’t even know that he or she has been infected.
The good news is that experts say that there is no evidence thus far that any Android devices have been infected by the Stagefright bug thus far. The bad news is that due to Android’s open source nature — a fact that has made it so popular worldwide — issuing a fix for the bug is a bit more complex than one might expect. There is a patch available to close the security loophole that would allow Stagefright to take hold of a device, but it’s being released to device manufacturers, who then take on responsibility for issuing the patch. Most of the major telecommunications partners have begun to incorporate the patch into new updates, but the vast majority of existing devices are still unprotected.
Protecting Yourself Against Stagefright
Given the anticipated delays in protecting all Android users against the risks of this dangerous bug, what can you do to protect yourself while you wait for an update?
One step is to install an Android security product to protect your device and data from malware, as well as protect your identity and information in the event that your phone is lost or stolen. Even if you aren’t affected by Stagefright, other malware and harmful apps can put your information at risk, so installing security protection is a worthwhile investment.
Other ways you can protect yourself from Stagefright include:
- Install all required updates pushed from your device manufacturer. Failing to install these updates leaves you vulnerable to security threats like Stagefright, as well as issue with performance.
- Never click on links in text messages without researching them first.
- Secure your connection. Turn off Bluetooth when it isn’t in use so it is no longer connected to other devices, and avoid using unsecured Wi-Fi networks. Hackers watch public Wi-Fi in places like coffee shops and shopping malls to gather data being transmitted by unsuspecting users. If you must use Wi-Fi, never send any sensitive information, such as banking passwords or credit card numbers.
- Guard your phone number. Stagefright spreads via text message, so hackers could be harvesting phone numbers to send the malware randomly. Don’t share your number unnecessarily; consider using a fake phone number or a landline only when online forms call for a phone number.
- Learn the signs that your phone has been hacked. Unexplained or unauthorized charges, unusual service interruptions, increased spam texts, and excessive data usage are all signs that your phone may not be entirely under your control.
Google and its telecommunications partners are working diligently to mitigate the risk of Stagefright and protect millions of users from being infected. You can protect yourself by making security a priority, understanding the risks, and taking steps to keep your device and data safe.