VPN Articles and News

Stagefright Android Vulnerability Is Back With A Bang

By
Monday, October 17th, 2016


Just when the world thought that the Stagefright Android vulnerability has been buried, the malware has come back from the dead. Dubbed as the “worst ever Android bug in history”, the vulnerability is not only back for the third time, it is more powerful than ever and has the potential to infect as many as one billion Smartphones and tablets. Like the previous versions of the malware, the latest reincarnation of the vulnerability (also nicknamed as Metaphor by the security experts) is capable of stealing data, compromising the security of the device as well as hijacking the Android Operating System.

Stagefright was first discovered in May’ 2015 by the mobile security firm Zimperium. The first version of the vulnerability compromised the security of millions of Android devices and what’s worse, it affected devices manufactured by all the manufacturers. The malware took advantage of a security flaw present in media playback engine (also called Stagefright) that was introduced in version 2.2 of Android. The worst part of the vulnerability was that it allowed hackers to target any Android device just by sending a small MMS clip (with a malicious code embedded in it) to the mobile number associated with the device.

Just like the previous two versions of Stagefright, Metaphor allows hackers to gain control over a victim’s device in as little as 10 seconds. The latest incarnation of the bug only affects Smartphones and tablets which are still using older versions of Android (older than Android 4.0). Earlier many security experts said that while the bug was present in over a billion devices, it was difficult to exploit because of different types of implementations carried out by the manufacturers. However, Israeli security firm NorthBit has created a proof-of-concept video where it shows how its security experts were able to hack into a Nexus 5 device by exploiting the vulnerability. The firm also said later that it was able to compromise the security of Samsung Galaxy S5, HTC One and LG G3 Smartphones with the exact same method.

The working methodology of the latest version of Stagefright is very similar to its earlier versions. First of all, the user is tricked into visiting a website set up by the hackers. The website contains a malicious video file which gets automatically downloaded into the victim’s device as soon as the user visits the webpage. The malicious file resets the device’s Operating System and receives yet another compromised file from the third party servers set up by the attackers. Once the security of the device has been compromised, the hackers can not only steal data contained in it, they can even take complete control of the device as well as use camera and microphone.

As you can see, Stagefright can not only steal data and take control of an Android device; it has the potential of totally destroying a Smartphone and tablet. If your Smartphone or tablet is still running on an older version of Android (older than Android 4.), it is in your best interest to upgrade your Operating System and install an anti-malware app immediately.


October 17, 2016
Comments

Leave a Reply

Your email address will not be published. Required fields are marked *


4 + 8 =