If you want information about the Stagefright exploit, we’ve prepared everything you need to know in five easy steps. There’s no need to worry as long as you stay in the know, and your device will be fine as long as you’re aware of how your device could potentially be hacked.
It’s nothing to get too worked up about, but it’s always best to stay aware of any potential exploits.
If you’re worried about malware we have a list of the best anti-malware apps available on Android, while you can also check out our review of Lookout if you need an antivirus app.
1. What is Stagefright?
Put simply, Stagefright is an bug that exposes vulnerabilities in the Android OS.
It originally made the news in 2015, when it became apparent that there was a problem with the MMS service on Android that could potentially lead to problems in the future. Any firmware up to 5.1 was said to be susceptible, and it also affected messages sent via Google Hangouts.
Google began work on patching the exploit as soon as the news broke, and most devices should now be secure. If you’re worried about your device, there’s a few things you can do to check if your device is still under threat.
2. There’s an App for That
Luckily, there’s a simple app you can download from the Play Store to see if your device is open to the exploit.
Stagefright Detector is an app released by Zimperium, who were the first to discover the exploit. They’re a cybersecurity firm so it’s safe to download the application to your device, and they won’t collect any of your personal information.
The app won’t be able to tell you if your device is infected, but it will be able to tell if your device could be vulnerable to the exploit.
The app is easy enough to use once you’ve downloaded it from the Play Store.
Open the app on your device, and tap Begin Analysis.
The app will now check to see if your device is susceptible to the vulnerability.
You’ll see a bright red bar that says Vulnerable if your device can be exploited.
That’s it, and it’s the easiest way for you to get definitive proof.
If your Android device is vulnerable to the exploit, check the next step for the best way to close any access for hackers. (If you can update your OS, it’s advised to do so as it could close any access for potential hackers.)
3. How to Disable MMS Auto-Retrieve
So what can you do to protect yourself from the original bug? It should be patched for most devices, but if you’re still worried you can take steps to keep secure. (Some older versions of Android didn’t receive the updates released by Google at the time.)
The best method is to go into your Settings menu in your Messaging application, and disable the MMS Auto-Retrieve option. It’s also advised to go the same for Google Hangouts if you have the service on your device.
This means that you’ll have to tap your messages to download them, instead of them automatically downloading on the server.
Aside from that, there’s not much else you can do. It’s a bit of a hassle to download your messages, but it’s the safest way to make sure your phone isn’t compromised if you’re running outdated firmware.
4. The Second Coming of Stagefright and What This Means
What’s worse is the news that up to a billion Android smartphones could potentially be vulnerable to the latest exploit found by the Zimperium team. (However, it is in their best interests as a cybersecurity firm to talk up the threat as much as possible.)
This time, the vulnerability was found in the processing of metadata within hacked MP3 and MP4 files, which could give hackers access to your information if you accidently clicked on a dodgy URL, or via a public Wi-Fi network.
5. Should You Be Worried About the New Exploit?
Should you be worried about the exploit? The honest answer is, probably not at the moment. Google will work quickly to fix any issues, and there were no confirmed cases of the exploits being used by hackers before they were found by Zimperium. As long as you stay aware, it’s highly unlikely that you will be hacked or have your personal information stolen.
It’ll probably only effect older devices that aren’t running the latest OS, so if your phone falls into that category be aware when you download any media from online resources, or websites that you haven’t used in the past.
Dodgy websites and videos should always be viewed with caution, but after the news of this exploit try to be especially aware while you’re using a shared Wi-Fi network, and update your device whenever you can.
If we’ve missed another way to tell if your device can be hacked, or you have any questions about Stagefright or hacking in general, let us know in the comments below.