Android Stagefright Vulnerability Affects At Least 6.1M South Africans

Written by Dana Sanchez

At least 6.1 million Android mobile device users in South Africa could be affected by Stagefright, a security flaw that lets an attacker take control of a phone simply by sending a text message, according to reports in ITNewsAfrica and TheGuardian.

It’s still not clear how many people are affected globally by the Android Stagefright vulnerability, according to ENGadget.

Forbes reported that Stagefright could affect 950 million Android users.

“The company that discovered the flaw, Zimperium, released a tool, the Stagefright Detector App, to at least let you know if you’re patched against it,” Steve Dent wrote in ENGadget. “Google issued a fix a while ago, and you’re protected if you have a Nexus device. But if you own nearly any other smartphone — even a brand new one like Samsung’s Galaxy S6 — you’re probably still at risk.”

Left unpatched, and with no reasonable workaround, devices are exposed right out of the box, ITNewsAfrica reported. The vulnerability cannot be fixed, only updated when a new software build is pushed to the device – a notoriously slow process. Android also offers no way to revoke certificates used to sign vulnerable plugins.

Android users can check to see if their device is vulnerable by downloading the Certifi-gate app.

The flaw highlights how Android’s fragmentation problem leaves the platform much more vulnerable to attacks than Apple’s iOS. When Apple issues a patch, every iPhone owner gets it, Dent wrote in ENGadget.

Stagefright affects part of the operating system by letting an attacker read and delete or spy on the owner through cameras and microphones, TheGuardian reported.

In July, Vodacom South Africa reported that it had 6.1 million Android users on its network — more than 60 percent of its subscriber base. That far exceeds BlackBerry, which has 2.2 million users, ITNewsAfrica reported. This reflects a huge change in loyalty. Vodacom reported 1.4 million Android users in 2013. Android is now in the No. 1 position among mobile service providers in South Africa.

Check Point Software Technologies discovered the vulnerability in Android that affects devices made by major manufacturers including LG, Samsung, HTC and ZTE. The team disclosed its findings in a briefing for Black Hat, a global information security event that was held Aug. 5-6 in Las Vegas.

Details of the bug were revealed to Google in April, TheGuardian reported. The company was provided with patches for the errors to ensure, in theory, that users are never put at risk from the bug. Joshua Drake, the researcher who discovered the flaw, negotiated a 90-day embargo before he went public.

“The problem is, (people) rarely stop to think about whether their data is secure,” said Doros Hadjizenonos, manager of Check Point South Africa, according to ITNewsAfrica. “This vulnerability is very easily exploited, and can lead to the loss and dissemination of a user’s personal data. It’s time to take mobile security seriously.”