TIME Android

Stagefright: Everything You Need To Know About Google’s Android Megabug

The Latest Mobile Apps At The App World Multi-Platform Developer Show
Bloomberg—Bloomberg via Getty Images A logo for Google Inc.'s Android operating system is displayed on an advertising sign during the Apps World Multi-Platform Developer Show in London, U.K., on Wednesday, Oct. 23, 2013. Retail sales of Internet-connected wearable devices, including watches and eyeglasses, will reach $19 billion by 2018, compared with $1.4 billion this year, Juniper Research said in an Oct. 15 report. Photographer: Chris Ratcliffe/Bloomberg via Getty Images

Here's a friendly Q&A to help you understand what happened, why it is a problem that still needs fixing, and what you can do about it.

Stagefright? What? Huh? That’s what you’ve been asking yourself ever since the Internet erupted yesterday over the announcement of a big computer bug in Google’s Android operating system.

In fact, you might still be wondering: Is my phone safe? Wait, the Internet erupted? Did it actually explode? (Is that even possible?)

Thankfully, no. I mean maybe, but as long as you’re still able to read this then I think we’re doing okay. Anyway, for those who still have questions about all the hullabaloo, Fortune has drafted a friendly Q&A to help you understand what happened, and why it is a problem that still needs fixing.

What is stage fright?

Stage fright is the nervous sensation a presenter feels before appearing publicly. (Say, for example, at a major security conference next month.)

Stagefright, on the other hand, is the nickname of a terrible Android flaw found in the open source code of Google’s Android operating system. The vulnerability, disclosed on Monday, may be the worst one to date. It puts 95% of Android devices—950 million gadgets—at risk of being hacked.

Where does the name come from?

“Stagefright” is the name of the media library—a portion of Android’s open source code—in which the bugs were found. It’s obviously a great bug name, too.

No lie. What does that media library do?

Stagefright—the library, not the bug—helps phones unpack multimedia messages. It enables Android phones to interpret MMS content (multimedia message service content), which can contain videos, photos, audio, text, as opposed to, say, SMS content (short message service content), which can contain only 160 characters. The bugs are in that library.

Wait, I thought you said Stagefright is a bug, not bugs?

Okay, okay. So Stagefright is a collection of bugs, if you want to be technical. Seven to be exact. If you want to get real technical, their designations are:

  • CVE-2015-1538,
  • CVE-2015-1539,
  • CVE-2015-3824,
  • CVE-2015-3826,
  • CVE-2015-3827,
  • CVE-2015-3828, and
  • CVE-2015-3829

But for our purposes, I’ll just refer to them collectively as Stagefright. A singular bug set; one vulnerability.

Fine, that seems easier. Why should I care about it?

Well, if you’re an Android user then your device is probably vulnerable.

Is that bad?

That means an attacker can infect your device simply by sending you a malicious MMS message. (Remember that acronym? Multimedia message service.) In fact, a victim doesn’t even have to open a booby-trapped message for the attack to spring. Once the message received, your phone is toast.

Er…that doesn’t sound good.

Right. Once inside, an attacker can access your phone’s data, photos, camera, microphone. What’s worse is that a clever baddie can delete the booby-trapped message from your phone before you even realize that your device has been compromised. So basically, yeah it’s bad.

That does sound bad.

Yup. And it gets worse! Imagine this scenario: Someone attacks your phone, steals your contact list, automatically targets those devices—rinse, repeat. Now everyone’s infected.

That’s what we like to call a computer worm.

How long has this been the case?

About five years.

What?? You mean my phone has been open to attack this whole time???


Surely, Google must have patched it by now!

You’re right! Google patched the bugs right away. The company learned about one set of vulnerabilities in April and another set in May. The person who discovered the problems—Joshua Drake, a researcher at the mobile security company Zimperium zLabs—says he provided patches, and Google adopted them within two days. (The company reportedly paid him $1,337 for his work.)

Woohoo! So I’m safe?

Nope. The problem isn’t fixed.

What? Huh? Why?

That’s because Google’s Android ecosystem relies on its partnering phone-makers to push out software upgrades. That means Samsung, HTC, LG, Lenovo, Motorola, Sony, among others, are responsible for delivering the patches to customers.

Have they done so yet?

CyanogenMod, Mozilla, and Silent Circle’s Blackphone have.

I don’t use those…

Then you’ll have to wait. The other companies have issued statements that basically say, “We’re working on it.” You can read them here.

Is there a way to test whether I’m vulnerable?

If you’re using a phone that runs on Android version 2.2 or above, you may as well assume you’re at risk. The most vulnerable phones predate Jelly Bean (version 4.1), and that accounts for about 11% of Android phones on the market.

(We’ll add a link to a test when one comes to our attention but, unfortunately, there’s nothing available yet—at least that we know of. Though it would be pretty cool if someone came up with one. Nudge nudge, wink wink.)

Why are post-Ice Cream Android phones better off?

As Google Android’s lead security engineer explains here, that’s about the time that Google put in place some strong exploit mitigation technologies, like one called Address Space Layout Randomization. “This technology makes it more difficult for an attacker to guess the location of code, which is required for them to build a successful exploit,” Adrian Ludwig writes. He goes on: “(For the layperson — ASLR makes writing an exploit like trying to get across a foreign city without access to Google Maps, any previous knowledge of the city, any knowledge of local landmarks, or even the local language. Depending on what city you are in and where you’re trying to go, it might be possible but it’s certainly much more difficult.)”

You can find a list of similar security technologies implemented since Ice Cream (version 4.0) here.

So I get that I should pressure my phone-maker to push out the fixes. What about my wireless carrier?

Well, if your wireless carrier was real cool, it could create a signature for Stagefright-based attacks, and block those threats on its network. Fiat Chrysler recently worked with Sprint to make its cars much less hackable that way. Your carrier could also help make sure the fix works for older versions of Android, too, rather than just making sure the latest version is protected. The security researcher Nicholas Weaver recently made this point on Twitter.

He suggested something similar for Google, too.

Can I do anything else to be safer?

First, ask your device manufacturer for an update: When will a patch be available and will you be covered? You might also consider changing the settings on your Android apps that use MMS, like Messaging and Hangouts. Un-click “automatically retrieve MMS messages.” In the meantime, consider using Snapchat or WhatsApp to swap clips, GIFs, and whatnot.

Other than that, keep your phone number private, I guess? Drake, the guy who found the flaw, plans to present more details at the Black Hat conference next month.

Okay, thanks for the tips. If I have any other questions, can I call you?

No, sorry. My phone number is private information.

Just testing you!

Ah I see what you did there, you jokester!

TIME Samsung

Samsung’s New Monitor Has a Secret Feature You Wouldn’t Expect

The new Samsung SE370, the industry’s first monitor with an integrated wireless charging function for mobile devices.

Because who wants a screen that just shows pictures?

Samsung has unveiled the SE370 — don’t ask us the company names its devices — and has touted it as the world’s first monitor with an integrated wireless charging function for mobile devices, the company announced in a statement.

Using the Qi wireless charging standard, viewers can place their phone on a circular wireless charging area at the base of the monitor. Charging begins automatically, and you can pass the time by wondering if the second season of True Detective on HBO is really worth your time.

The SE370 also features an eye-saver mode that aims to reduce eye strain and the harmful effects of blue light on monitor viewers. No word from the company, however, on pricing and when the monitor might go on sale.

The release of a phone-charging monitor set can be seen as a complement to Samsung’s line of phones, including their just-released Galaxy S6 and S6 Edge. The monitor can also be interpreted as a way to jumpstart sales of their new models, which failed to prevent Samsung from posting its seventh consecutive decline in profits recently. Analysts were quick to put the blame on Samsung’s flagship smartphone series, the Galaxy S6, and a failure to correctly anticipate the demand for both the S6 and S6 Edge.

Samsung still occupies the largest share of the global smartphone market, however, with around 25% of phones shipped. Samsung also leads the global flat TV market with a 29.2% share.


Should You Fix Your Shattered Phone Screen Yourself?

We tried two different screen-replacement kits to see if DIY repair was worth the time and cost.

We tried to fix two phones with cracked and shattered screens: an iPhone 5 and a Samsung Galaxy S3. One of the phones we tried to repair didn’t even turn on after we changed screens. The other worked, but only just. Its screen flickered and wasn’t as reliable. Once you or a third-party opens your phone, Apple considers any warranty null and void. You need to compare the price of a repair kit to the cost of getting someone else to fix your phone. Once an iPhone is out of warranty, Apple will charge as much as $329 to repair it.

TIME Smartphones

These Were The Top 10 Selling Smartphones in June

Man 94 iPhones Smuggled China
Bloomberg via Getty Images Boxes of iPhone 6 smartphones sit stacked on a counter during the sales launch at the Apple Inc. store in Palo Alto, Calif., on Sept. 19, 2014.

The iPhone is still king.

The Apple iPhone 6 continues to top the list for best selling smartphone globally, maintaining its leadership for 10 straight months.

After declining sales in March and April, Apple’s iPhone 6 and 6 Plus sells have gained since May, topping the most sold lists in the U.S., China and the global market for two months, according to Counterpoint Research. The iPhone 6 maintains dominance in the U.S., while the 6 Plus tops the list in China.

Meanwhile, Samsung has been struggling to keep up. Typically, Apple iPhone will top the list in the first and fourth quarters each year, and Samsung will take the lead in the second and third quarters. This year, that isn’t the case. The iPhone 6 has topped the global charts since September 2014.

Here are the top 10 selling smartphones globally in June:

  1. Apple iPhone 6
  2. Apple iPhone 6 Plus
  3. Samsung Galaxy S6
  4. Samsung Galaxy S6 Edge
  5. Apple iPhone 5S
  6. Xiaomi Mi Note
  7. Samsung Galaxy S5
  8. Samsung Galaxy Note 4
  9. Xiaomi Redmi 2
  10. LG G4

Read More: Apple’s bizarro earnings report.

TIME Companies

Sales of Huawei Smartphones Soar 39%

Mobile World Congress 2015 - Day 2
David Ramos—Getty Images A logo sits illuminated outside the Huawei pavilion during the second day of the Mobile World Congress 2015 at the Fira Gran Via complex on March 3, 2015 in Barcelona, Spain

The Chinese firm is thriving while Samsung and Apple struggle

The future is looking bright for Chinese smartphone-maker Huawei with handset sales up 39% over the first two quarters of 2015.

The firm’s recent success comes from a marked shift in its smartphone sales strategy. This year, Huawei decided to ditch its lower-end models and invest in top of the line phones to compete with global giants Samsung and Apple.

So far, the plan has worked miraculously, the BBC reports. Already, there’s been a 70% increase in shipments for its mid to high-level products, leading to a 30% spike in overall revenue.

The Shenzhen-based company competes with Apple and Xiaowei for market share in China, one of the world’s largest smartphone markets, and also produces mobile phone masts and other telecommunications infrastructure.

By comparison, Xiaomi and Samsung have both seen a recent decline in sales; representatives of Xiaomi have complained that the smartphone market has reached almost complete saturation.


TIME Apple

Apple, Samsung Are in Talks to Kill the SIM Card

Patentstreit zwischen Apple und Samsung
Marcus Brandt—Marcus Brandt/picture-alliance/dpa/AP Images

But don't expect a change until at least 2016, a report says

To use our smart phones, most of us are still beholden to pieces of plastic known as SIM cards. But if Apple [fortune-stock symbol=”AAPL”] and Samsung have anything to do with it, those cards won’t be around for much longer.

The Financial Times reports that the tech giants are in “advanced talks” to start using electronic SIM cards in their smartphones, allowing users more mobility in switching between carriers.

The GSMA, an industry association that represents mobile operators, said that there’s an agreement soon to be announced detailing standards for the new SIMs. However, the new cards aren’t likely to become available for at least a year, according to the report.

“With the majority of operators on board, the plan is to finalise the technical architecture that will be used in the development of an end-to-end remote SIM solution for consumer devices, with delivery anticipated by 2016,” the organization said in a statement.

Anne Bouverot, the CEO of the GSMA, said the organization is continuing to speak with Apple to “secure their support for the initiative.”

“We have got everyone back on one point, with Apple and Samsung agreeing to be part of that specification,” she said. “We have been working with them and others to create an industry solution for machines and will agree a solution for consumer electronics.”

TIME Smartphones

Samsung Just Announced its Thinnest Phone Ever

Samsung A8
Samsung A8

It's just 5.9mm thick

Samsung’s upcoming Galaxy A8 is the company’s thinnest phone ever, measuring up at just 5.9mm thick. The phone, which is being released in China, is slightly thinner than its predecessor, the A7, which measures 6.3mm thick.

The A8 will retail for about $515 and is considered to have mid-range specs otherwise. The all-metal phone from Samsung isn’t the thinnest ever made in general, notes The Verge. It is, however, thinner than Apple’s iPhone 6, which measures 6.9mm thick. Samsung’s flagship product, the Galaxy S6, is 7.1mm thick.

Interestingly, the next iPhone may be thicker than its current offerings. Fortune previously reported Apple’s next iPhone phone could be 0.2mm thicker, according to an Apple analyst’s prediction.

Thinness is often a trade-off in smartphones, as thicker phones can fit larger batteries, generally helping battery life performance.

The launch of an even slimmer phone comes as Samsung recently announced it will move up the launch of the upcoming Galaxy Note 5 to August, as opposed to September. That change could help Samsung get ahead of the hype surrounding Apple’s next iPhone.

MONEY cellphones

Does Putting a Wet iPhone in Rice Really Work?

We decided to test out the theory with an iPhone and a Samsung Galaxy.

Anyone who’s dropped their phone in a toilet, sink, or swimming pool has probably heard that the way to salvage a waterlogged device is to submerge it in a container of uncooked rice. The theory is that the rice will suck all the moisture out off your phone’s nooks and crannies and bring it back to life.

But does it work in practice? MONEY decided to find out. For the test, we bought two (functioning) used phones on eBay, dropped them in buckets of water and left them submerged for several seconds, then plunged them in uncooked rice and left them over the weekend. Here’s what happened.

Read next: The Trick to Getting a Really Good Cell Phone for Less

TIME Security

Samsung Says It’s Fixing a Nasty Security Flaw

Samsung Galaxy S6 Active
Samsung Samsung Galaxy S6 Active

Security update will be available in the coming days

Samsung is planning a security update after researchers uncovered a vulnerability that could threaten as many as 600 million Galaxy phones. The company said in a statement Thursday that it will roll out an update in the coming days to address the issue, which makes phones vulnerable when downloading updates for the SwiftKey keyboard.

The vulnerability was discovered by the security company NowSecure last fall and made public this week. The SwiftKey keyboard searches for language pack updates over unencrypted lines, making it vulnerable to attack. In a statement, Samsung noted that the probability of a hacker actually exploiting the vulnerability was low.

Owners of the Galaxy S4 and more recent models will have the security update automatically pushed to their phones. To ensure your phone receives automatic updates, go to Settings > Lock Screen and Security > Other Security Settings > Security policy updates, and make sure the Automatic Updates option is activated. Users of older Galaxy models will have a firmware update made available to them that they can download.

TIME Gadgets

5 Great Cameras For Capturing Your Summer Fun

Canon PowerShot G7 X
Canon Canon PowerShot G7 X

Get better results than your smartphone

Smartphone cameras are getting better with every generation of new phone, but they still aren’t necessarily the best solution for every shot. For instance, while you can get a waterproof case to bring your handset on a dive, most people aren’t comfortable with taking their entire digital life into the deep. Likewise on shots that require ample zoom — of course you can pinch at the touchscreen to get in closer, but that sacrifices image quality.

Luckily there’s an old fashioned solution for these modern problems: cameras. Dedicated to making the best of light and color, these single-tasking devices may have been around forever, but they’re still getting better every year. These five standalone shooters will capture this summer’s memories in much richer detail than anything that you can also play Trivia Crack on.

Canon PowerShot G7 X

Point-and-shoot cameras like this little big shot won’t weigh you down while on a hike or a sightseeing trek. With better lenses and image sensors than your smartphone, you’ll collect sharper looking memories. With a one-inch, 20.2 megapixel CMOS sensor, the $699 Powershot G7 X already has enough tech to blow your smartphone away in a shootout. But with Wi-Fi and NFC connectivity, the 9.8 ounce camera has the same connectivity as your iPhone, though it weighs 5 ounces more.

With that extra heft you also get a 4.2-time zoom lens that, when multiplied by the 4-time digital zoom, actually provides nearly 17 times the magnification. But you’re probably wondering about the most important facet of photography today: selfies. Thankfully the G7 X’s 3-inch touchscreen display flips around perfectly so you can document yourself, your friends, and all your hot summer fun.

HTC Re Camera

Too often, rather than capturing the moment, cameras just get in the way. Resembling a periscope, HTC’s $149 Re Camera eschews full-color display screens for a simple record button, making it a true point-and-shoot. Packing a 16 megapixel sensor and a wide-angle, 146-degree lens, Re shoots 30-frame-per-second 1080p video and photos that it stores on microSD cards with up to 128 gigabytes of storage.

Able to operate one meter under water for 30 minutes, it can take 1,000 photos on a single charge. Hopefully your thumb can keep up, because to take pictures, all you need to do is tap the button (or press it down to shoot a video). Re also has a line of mounting accessories so photographers can attach it to everything from a handlebar to a backpack. And when it’s time to relive your memories, the Bluetooth-equipped camera can connect to your Android or iOS phone, sending images to an accompanying app.

Leica Q

If you’re as much about the tool as you are the artwork, Leica’s latest compact is going to make you feel like a painter playing with Vincent van Gogh’s brushes — and for $4,250, it ought to. A full-frame, fixed lens digital camera, the Leica Q was designed with speed in mind, with a fastest-in-class Summilux 28mm f/1.7 ASPH lens and 24 megapixel CMOS sensor. An integrated 3.68 megapixel viewfinder pops up as soon as you bring the camera to your eye, snapping in the autofocus and shooting up to 10 full-resolution frames per second, with JPEGs instantly ready for reviewing.

With full manual controls, seasoned shutterbugs can make the most of their shots and even get some assistance from “focus peaking” and “live view zoom” features. And with modern networking chops through Wi-Fi, the images can be streamed over to the Leica app for viewing, saving and sharing.

Olympus OM-D E-M1

Into each summer, some rain must fall. And on those days, you’ll want to have the weatherproof Olympus OM-D E-M1 in your camera bag. A lightning-fast mirrorless camera with a 1/8000 shutter speed, the $1,099 micro four third fits into an interchangeable system that currently has more than 70 different lenses. And with a magnesium alloy body, the E-M1 is able to brave the dirt, water, and freezing temperatures to snap up hard-to-capture images.

While this all makes it sound like a physical specimen, the pro-level shooter is only 1.1 pounds. And it’s packing a range of creative options on its internal software, including a dozen filters and a multi-exposure mode. That means you can spend more time on your photos and less on your computer — which is a much better way to enjoy a summer day.

Samsung NX500

The next big thing in imagery is 4K resolution, and the best way to add it to your arsenal minus a couple of Gs might be the Samsung NX500. A lower-cost, interchangeable lens, mirrorless camera with an easy-to-handle form-factor, the $599 (current price) rig features a comfortable, ergonomic grip and an easy-to-access control dial, giving it a throwback manual feel that will keep you from having to dive into the touchscreen all the time. Another similar perk is its “mobile” button that instantly activates the NX500’s Bluetooth, NCF, and Wi-Fi connectivity features.

And while these physical benefits are great, the imaging smarts inside are excellent too, like the camera’s 28 megapixel image sensor, the highest resolution APS/C size sensor on the market. The NX500’s DRIMe Vs photo processor drives software like Auto Shot, a predictive algorithm that locks on to moving targets to anticipate the perfect picture. These chops also lend themselves to the camera’s 4K video mode, which shoots in 24 frames per second. That’s not as fast as the 60 frame per second 1080p mode, but it’s plenty good for capturing an endless summer.

Your browser is out of date. Please update your browser at http://update.microsoft.com