
Welcome to Consumer Reports.


Is your Android phone at risk from the Stagefright hack?

If you bought it in the last five years, the answer is probably yes

Published: July 27, 2015 10:45 PM

A vice president of the mobile-security firm Zimperium recently revealed that 95 percent of all Android phone owners are vulnerable to malware attacks due to flaws in the media processing software—unfortunately named "Stagefright"—that Google has used in its mobile operating system for the last five years. More troubling still, those attacks can be triggered without any action from a phone's user.

According to Zimperium’s Joshua Drake, a hacker could conceivably hide a virus in a video file, text the video to your phone number, unleash the virus via the Stagefright software, and remove the text message without you knowing about it. Once that happened, the hacker could silently access your photos stored on SD cards, the phone’s Bluetooth radio, and its audio and video recording functions.

Drake informed Google of his discovery in April and the company responded to the threat within 48 hours, using patches supplied by Zimperium. “Patches have already been provided to partners that can be applied to any device,” Google informed Android Central. However, in the intervening months, Google’s Android partners have been slow to provide those patches to consumers.

Silent Circle patched its Blackphone and Mozilla eliminated the flaws in version 38 of its Firefox browser, which uses Stagefright to play videos, Zimperium reports. According to Forbes, HTC has addressed the issue in all projects released since early July. But most of the 950 million at-risk users remain vulnerable to attack because of slow responses from other smartphone makers and cell service providers.

News of Drake’s discovery comes less than a week after a team of security experts exposed similarly startling vulnerabilities in software installed in late-model Jeep Cherokees. Fiat Chrysler responded by announcing a voluntary recall for 1.4 million vehicles.

For now, if your phone runs Android 2.2 or later, we advise you to contact the manufacturer of your phone or your carrier to inquire about patches for your phone. To learn more about data theft, read our report about why your secrets aren’t safe online.

Chris Raymond
