Millions of Android phones potentially at risk from new Stagefright exploit


If there was ever a reason to make sure you keep your Android device updated with the latest security updates then this is it.

Millions of Android smartphones which are not running the latest security updates are potentially vulnerable to a new exploit which capable of compromising a device in less than 20 seconds, security experts have claimed.

According to Israeli security firm NorthBit, the newly discovered Stagefright exploit nicknamed ‘Metaphor’, can be used to hack some of the most popular handsets on Android, including the Google Nexus 5, Samsung Galaxy S5, HTC One and LG G3.

In the research released by NorthBit, researchers claimed they found an exploit which affects Android devices running 2.2 and 4.0 of Google’s operating system.

The Stagefright hack first hit the headlines in 2015 and at the time was described at the time “worst Android vulnerabilities discovered to date.”

Stagefright works by luring the victim in via a carefully crafted web page or SMS which contains a malicious MP4 video file. When the file is opened by the user it crashes Android’s multimedia system, forcing it to reboot. Once it has restarted, a malicious piece of code is then hosted in the device which sends private user data back to the servers of the hacker.

Following the discovery of Stagefright, Google promptly released a security patch. However, many devices remained at risk as it is up to individual manufacturers to then push the security fix onto their own versions of Android, which takes time.

In response to the latest threat Google has said that all devices which installed the Android security update released in October 2015, will be protected from the latest threat.

“Android devices with a security patch level of October 1, 2015 or greater are protected because of a fix we released for this issue (CVE-2015-3864) last year. As always, we appreciate the security community’s research efforts as they help further secure the Android ecosystem for everyone,” Google said in a statement.

However, before you think about making the switch over to Apple, be aware that while potentially millions of Android users are at risk (and the key word here is ‘potentially’), providing you keep your old Android device updated with the latest security patches you will have nothing to worry about.

And if you’re using an Android device that runs either Android Marshmallow or Lollipop – the two most common versions of Android – then you are automatically protected from the Stagefright threat.

While the discovery of potential threats to Android shouldn’t be played down, the reality is that for most users there’s normally not much to worry about.

Security warnings of this nature perhaps best serve as a reminder to keep your device updated, rather than let you think your device will be immediately taken over by some unknown hacker.

Source: Endagadget



Comments are closed.