Stagefright poses threat to Android phone users

It’s being called the biggest smartphone flaw ever discovered.

Nearly a billion phones worldwide are vulnerable to it. One simple malware-laden text message can infect 95 percent of Android phones.

A mobile security researcher recently uncovered the flaw, a bug named Stagefright, in Android versions 2.2 and on.

The Better Business Bureau warns smartphone users to watch for fixes for the bug and to continue to take steps to safeguard their Android devices from the seemingly endless threats that come from hackers and scammers.


The worst thing about the new Stagefright hack is that a phone user can have their device infected without ever having taken any action like clicking a link or opening an image. All that is required of the hacker is that they know your phone number.

They then send a multimedia message that’s infected with malware. After that they can steal your data, your photos, or hijack your microphone or camera. All of this is done without the user’s knowledge because the attacker can delete the message before the victim ever knows it was sent.

Fixes for the bugs are being provided by Google to its “partners:” phone carrier services like AT&T and Verizon, and manufacturers like Samsung, Motorola, LG and others, who issue the software updates. Some in the tech field have criticized this multitiered system because it delays response times to such hacks.

Actions to take

Smartphone users are urged to be aware of the fact that the devices are vulnerable to hackers, malware, spyware and viruses just the same as a desktop or laptop computer.

A recent survey found that more than a quarter of smartphone users are not aware of common security threats to their phones. More than half were found not to know enough about smartphone security to even decide whether they need it.

When you add that to the finding that 17 percent of consumers use their mobile device as their primary tool to access the Internet, you have a recipe for trouble.

Make these your common practices:

▪ Lock your phone. Losing it means your personal data is at risk. Use protective security codes so no one else can get your data. Set it to lock when not in use for a specified time.

▪ Don’t ignore update alerts. They close security loopholes.

▪ Research an app or link before clicking on it. They may have viruses or malware attachments.

▪ Public or unsecured Wi-Fi networks are dangerous. Don’t enter passwords or personal data while using them.

▪ Turn off Bluetooth when it is not being used. It is a wireless connection between your phone and other devices.

▪ Learn how — in your owner’s manual or from your wireless provider — to check your apps to see what data they are accessing and revoke permissions for data they don’t need to operate.

▪ Report a missing or stolen phone at once to your wireless carrier.

▪ Back up your data, apps, information and photos in case your phone falls into others’ hands.

▪ Carefully read your phone bill. Watch for sudden increases in data usage, unauthorized app or service charges.

▪ Watch for strange texts or service disruptions that can indicate you have been hacked.

▪ Erase all data from a phone you are getting rid of. Online tutorials can show you how.

▪ Shop online carefully. Be sure there is an “s” in https:// addresses to assure security.

▪ Check out sites with the BBB.

In a world seemingly filled with hackers, constant vigilance is mandatory in order to keep your smartphone safe.

Denise Groene is the state director of the Better Business Bureau of Kansas. Contact the bureau at 800-856-2417 or bbbinc.org.