Stagefright: major Android security flaw affects millions
Hackers can use the vulnerability to read text messages, look at photos and spy on Android owners through their phone's camera
Android users have been warned that a major security flaw, nicknamed Stagefright, allows hackers to access smartphones simply by sending a malicious text message.
The flaw is thought to affect the vast majority of Android users and means hackers can read messages, look at private photos or even spy on users through a smartphone's camera and microphone.
According to Joshua Drake, the researcher who found the flaw, hackers can exploit the vulnerability to take control of almost any Android phone simply by sending an infected video via MMS (multimedia messaging service).
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
Users cannot even defend themselves by filtering out suspicious messages because the way Google pre-processes videos to make them quicker to view means that the bug will infect a phone "before the sound that you've received a message has even occurred," Drake said in an interview with NPR.
So far, there is no known solution for the problem, but security analysts say that Google is likely to be working on a fix that can be distributed as soon as possible, The Guardian reports.
Chris Wysopal, the chief information security officer for mobile security service Veracode said that "it will be very interesting to see how Google responds to this. They'll have to drive the patch quickly and in a manner that impacts every affected device at the same time. Waiting for handset manufacturers or carriers to issue a patch would be problematic since it could take a month or more.
"This would leave a big window for an attacker to reverse engineer the first patch issued by whichever party to create an exploit that would impact any device. We're likely to see Google force down a tool that addresses the vulnerability for everyone."
Fortune's Robert Hackett advises that the only thing users can do to try to protect themselves is to change the settings for apps that use MMS, such as Messages and Hangouts. " Un-click 'automatically retrieve MMS messages'," Hacket says. "In the meantime, consider using Snapchat or WhatsApp to swap clips, GIFs, and whatnot."
Video: 950 million Android phone vulnerable
[[{"type":"media","view_mode":"content_original","fid":"83498","attributes":{"class":"media-image"}}]]
Create an account with the same email registered to your subscription to unlock access.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
Melting polar ice is messing with global timekeeping
Speed Read Ice loss caused by climate change is slowing the Earth's rotation
By Peter Weber, The Week US Published
-
The Week contest: Stick guitar
Puzzles and Quizzes
By The Week US Published
-
'Sports executives ushered a fox into the henhouse'
Instant Opinion Opinion, comment and editorials of the day
By Harold Maass, The Week US Published
-
Artificial history
Opinion Google's AI tailored the past to fit modern mores, but only succeeded in erasing real historical crimes
By Theunis Bates Published
-
Is Google's new AI bot 'woke'?
Talking Points Gemini produced images of female popes and Black Vikings. Now the company has stepped back.
By Joel Mathis, The Week US Published
-
Why Google search results have 'gotten worse'
Under The Radar Search engines are 'flooded' with 'garbage' content, say experts
By Chas Newkey-Burden, The Week UK Published
-
2023: the year of the AI boom
the explainer This year, generative artificial intelligence bypassed the metaverse and became the next big thing in tech
By Theara Coleman, The Week US Published
-
Is using Google's Enhanced Safe Browsing mode worth it?
Talking Point The mode has its positives and its drawbacks
By Justin Klawans Published
-
Google is pitching an AI journalism tool to major news outlets
Talking Point News executives find the technology called Genesis unsettling
By Theara Coleman Published
-
Forget junk mail. Junk content is the new nuisance, thanks to AI.
Speed Read AI-generative models are driving a surge in content on fake news sites
By Theara Coleman Published
-
Why hasn't Google enforced its policy to stop climate disinformation?
Talking Point Is Google's acceptance of climate misinformation intentional?
By Devika Rao Published