CHINA TOPIX

11/25/2024 12:05:00 am

Make CT Your Homepage

Stagefright 2.0 Bug Puts Android Users At Risk: Google Announces Release Date of Patch To Protect Users

Android

(Photo : closari) Stagefright 2.0 - a bug that is placing almost all android devices at risk using an MP3 or MP4 file.

Approximately two months after Google fixed the stagefright bug, another bug has been discovered by experts. They named it stagefright 2.0, a set of two vulnerabilities making Android users at risk.

The first stagefright bug was known to make use of an MMS message to gain access to a smartphone. The new bug Stagefright 2.0, on the other hand, uses an MP3 audio file or an MP4 video file, Mirror UK reports.

Like Us on Facebook

Even though your current smartphone may be protected from the first stagefright bug because of Google's update, such will not be able to protect your smartphone from this new bug.

Joshua Drake, a researcher from Zimperium security, the company who found this vulnerability, said that one of these two vulnerabilities affects "almost every Android device" including those that were released starting the year 2008. The other vulnerability allows the hackers to trigger the first vulnerability even in devices that run 5.0 and above.

Zimperium security confirmed that the vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue.

The primary attack vector of MMS has been removed from Google's Hangouts and Messenger apps as the experts suggest that the attack would most likely come from the web browser.

These experts further added that once the device gets infected, hackers can fully control the device -- accessing the camera, microphone including other features. Drake also added that these hackers can do anything they want, imagination being its only limit.

On top of this, once the file is downloaded, the hacking begins even before the victim realizes it. Because it is so silent, the smartphone user may not be able to notice anything which generally makes this bug more risky.

Google and the big telecommunications and smartphone companies like Samsung, HTC, LG and Sony have already been informed about this bug and the danger it brings to smartphone users.

Just recently, according to Motherboard, a spokesperson from Google said that the patch will be delivered to its Nexus Phone users in October 5 and is currently working on with manufacturers and carriers ith high hopes that it will roll out the update the soonest possible time.

Real Time Analytics