Stagefright: Are You Still At Risk?

How to find out if your smartphone is still vulnerable

Stagefright Detector App
Molly McLaughlin

Is your Android smartphone any safer than it was last month? You've probably heard about Stagefright, a huge Android security flaw recently discovered by a researcher at Zimperium zLabs. In short, hackers can gain control of your phone simply by sending a corrupted image or video to your Android phone via MMS. The scariest part is that you don't even have to open the text. I've already written about a way to protect your device while waiting for a security patch: by disabling the auto-retrieval of multimedia messages.

If your carrier has already pushed out the 5.1.1 Android update to your smartphone, you probably think it's safe to turn this feature back on; and why wouldn't you?

Well, unfortunately, that update contains a flaw, meaning that your up-to-date device may still be breached. This time, it was researchers at the firm Exodus Intelligence who discovered the flaw. Google has fixed the flawed patch, but that may not reach your device for weeks.

So what is an Android user supposed to do? Luckily, Zimperium zLabs has built an app that will scan your phone to determine if it's still vulnerable. I used it myself, and that's how I figured out that my phone, the Samsung Galaxy S6, remains vulnerable, even though it's up to date. Until then, I won't be changing my MMS settings--nor will I be opening text messages from unknown numbers. Download this app right away to confirm whether your phone is vulnerable to the Stagefright threat.

Android Security Apps

Android's universe is much more complicated than the iPhone's. Apple is able to push out updates directly to its phones, due to its deals with wireless carriers. And since Apple builds both the software and hardware, there are no third-party manufacturers in the mix. Using an Android device means you need to take measures to protect your device, at least until Google, LG, Samsung, and others can work with the carriers to speed up updates.

Just like you should protect your computer with security software, you can also download security apps for your Android to stay one step ahead of hackers and malware.

Most companies that provide desktop security software have added mobile apps to their arsenal, including Avast! and Bitdefender. Carriers also offer their own apps, including Sprint Protect and Verizon Support & Protection. Lookout Security & Antivirus has teamed up with AT&T and T-Mobile to provide a built-in security app. Rooting your phone gives you access to even more robust security apps such as Titanium Backup

How Google and Android Hardware Manufacturers Have Responded

As I said, it's the wireless carriers that distribute Android system updates, not Google or hardware manufacturers, which means that you may have to wait as long for important security updates as for small bug fixes. Google, LG, and Samsung have all pledged to put out monthly security updates, a big step forward; however, the wireless carriers are still the gatekeepers. The exception is if you have a Nexus device, Google sends updates to the Nexus line directly.

The hope is that this disaster will change the way the Android updates are distributed in the future.

With so many Android devices out in the world, consumers can't wait around while Google and third-party manufacturers struggle to get security patches through the wireless carriers. Something's got to give.