Right now, 275 million mobile devices are in danger of being attacked by the worst Android security bug in history. It's a variation on Stagefright, which you might remember was a huge embarrassment to Google last year.
The Stagefright bug affected almost 1 billion Android gadgets. It could sneak in malicious code onto your Android devices through the built-in Stagefright media playback library. That bug is what prompted Google and its manufacturing partners to begin issuing monthly security updates.
Stagefright, fortunately, was a theory that no hackers actually exploited. Unfortunately, there's now proof that the Stagefright vulnerability can be attacked, according to cybersecurity experts. They've dubbed the proof of concept "Metaphor."
The Metaphor attack takes as little as 20 seconds to affect your smartphone. The attack works by tricking you into tapping on a link to a site with a malicious multimedia file in it. Once you do that, the attackers can take over your smartphone and steal your personal information, like your credit card numbers. Worse, the hackers can activate your camera and microphone.
Metaphor proves that Stagefright affects a wide range of Android smartphones, according to cybersecurity experts. Those include un-patched versions of Google's Nexus 5, HTC One, LG G3 and Samsung's S5.
There is a bit of good news here. Google has been aware of the vulnerability for some time and has released a fix. That means the Stagefright attack affects only older versions of Android (2.2 through 4, along with 5.0 and 5.1).
Google's current version, Android 6.0 Marshmallow, Android 5.1.1 and Android 5.0 and 5.1 with security updates after October 2015 shouldn't be vulnerable. Still, that leaves more than a quarter-billion Android gadgets in trouble.
To see if your gadget is vulnerable, go to Settings>>About Phone and check for the Android version number. You should also look for the Android security patch level. You want it to be something after October 2015.
You should also go to Settings>>About Phone (or System Updates depending on your gadget)>>Check Now to see if there are new system updates. Note: Keep reading Happening Now for news about Android security patches.
Unfortunately, if you're using an older gadget, you might not have any security updates available and none will be coming. Manufacturers and carriers tend to abandon gadgets more than a few generations old.
You can take some steps to avoid Metaphor, however. The big one is not to tap on unsolicited or suspicious links in text messages or email.
Also, as we said, Metaphor takes about 20 seconds to run and involves two crashes of the media system. If you're on a page and the phone starts behaving oddly, immediately close your browser and you might stop the attack before it can finish.
No matter what version of Android you're running, it also a good idea to have a security app installed to catch malicious apps and other threats.