PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

There's (Almost) Nothing You Can Do About Stagefright

Jordan Minor
 & Jordan Minor Principal Writer, Software

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Move over Heartbleed, there's a new ominously named digital threat that has the potential to engulf hundreds of millions of people. It's called Stagefright, and the information security community fears that 950 million Android phones are at risk of succumbing to the exploit.

While most Android hacks at least require victims to make some kind of mistake, like getting tricked into downloading malware, the Stagefright vulnerability could already be on nearly a billion Android phones regardless of what users do. And what's the real culprit behind a vulnerability this huge (besides the hackers of course)? The ongoing issue of Android fragmentation.

Break a Leg

According to Israeli enterprise mobile security company Zimperium, it's frighteningly easy for Stagefright to infect your phone. At fault is a recently detected flaw in Google's open source media library code, that allows attackers to execute code on your device just by sending you a text message. The Stagefright vulnerability could be used to put a phone and its data at the mercy of an attacker. Contacts, camera, microphone, and photos are under the hacker's control. Again, this can all happen completely under your nose. There are no external signs that the breach is occurring.

There are a few ways to protect yourself from Stagefright. In the Hangouts app go to Settings, select SMS, make Hangouts your default SMS app, and uncheck the box for "Auto-retrieve MMS." Now you can screen incoming MMS messages and avoid downloading anything suspicious. But while this may permanently prevent secret infestations, it's not a complete solution. You could still accidentally read a malicious text in a regular SMS app.

For a visual explanation, check out this diagram from Checkmarx, a company that provides code security analysis to make sure mobile apps in development are safe from exploits like Stagefright.

Recommended by Our Editors

I Was Sick of Android Apps Spying on Me, So I Tried GrapheneOS and PlugOS
I Was Sick of Android Apps Spying on Me, So I Tried GrapheneOS and PlugOS
Apple May Soon Add a Feature That Automatically Locks Snatched iPhones
Apple May Soon Add a Feature That Automatically Locks Snatched iPhones
Your Computer May Soon Require an Age Check. And It Might Not Take ‘No’ for an Answer
Your Computer May Soon Require an Age Check. And It Might Not Take ‘No’ for an Answer

stagefright fix

Split Personality

Unfortunately, the most foolproof ways to prevent attackers from exploiting Stagefright are out of reach for the vast majority of Android owners. If you have a Google Nexus phone or any other device running stock Android, you've probably already received an update that squashes the exploit. However, if your phone doesn't have access to the most recent updates, you'll be left vulnerable for who knows how long. There's nothing you can do. It's enough to make you want to root your phone and fix the problem yourself. Or buy an iPhone.

Stagefright is dangerous, but it's also frustrating because there's no reason it should have become such a large-scale risk. While it would've been nice if the vulnerability was discovered and dealt with earlier in development, at least Google quickly issued a patch for the bug. However, because Android is so fragmented, with so many different devices running their own slightly tweaked version of the mobile operating system, countless users won't be safe until the fix trickles down to them through the lethargic hardware manufacturers, if they even receive the fix at all. You can argue Android's openness gives it freedoms and benefits iOS lacks, but this is a case where the best thing for everyone would be for Google to have more control over its platform.

Stagefright will surely receive some attention at Black Hat next week. For more on the upcoming computer security conference make sure to keep reading PCMag.com. 

About Our Expert

Jordan Minor

Jordan Minor

Principal Writer, Software

My PCMag career began in 2013 as an intern. Now, I'm a senior writer, using the skills I acquired at Northwestern University to write about dating apps, meal kits, programming software, website builders, video streaming services, and video games. I was previously a senior editor at Geek.com and have written for The A.V. Club, Kotaku, and Paste Magazine. I'm the author of the gaming history book Video Game of the Year: A Year-by-Year Guide to the Best, Boldest, and Most Bizarre Games from Every Year Since 1977, and the reason everything you know about Street Sharks is a lie.

The Technology I Use

I use the newest Android and iOS smartphones for testing, but I currently use an iPhone 14 as my personal phone. I just hate that we gave up headphone jacks.

I've always favored gaming laptops over desktops. On that note, I have a 16-inch HP Envy with an Intel Core i9-13900H CPU and Nvidia GeForce RTX 4060 GPU. No matter what machine I’m working on, an alarming amount of my personal and professional life revolves around cloud-synced Google Drive files.

For food subscriptions, my household sticks with CookUnity and HelloFresh for meals. Video streaming is a bit more complicated. While there are too many services to list, we're subscribed to most of the major ones. These days, I find myself drawn to HBO Max's movies and shows, as well as Peacock's reality trash.

I've been a lifelong Nintendo fan, and I sincerely believe the Nintendo Switch will go down as one of the best gaming consoles of all time. It has an unbelievable library of new and old games from Nintendo and third-party companies. The handheld/console hybrid approach makes playing games so much more flexible, a legacy that continues with the Nintendo Switch 2 and Valve’s Steam Deck.

Read the latest from Jordan Minor

Read full bio