CHINA TOPIX

11/23/2024 09:20:45 pm

Make CT Your Homepage

New Stagefright Strain Threatens Millions of Android Devices

Android

(Photo : Getty Images) Mobile security researchers say the Stagefright flaw which affected many Android devices last year may have not been resolved.

Mobile security experts claim that a large number of Android devices - including the ones running on the latest version of the platform - are vulnerable to a security flaw that was previously considered to be fully patched. The Stagefright security flaw caused a major disturbance in the Android community late in 2015 and now a new variant of it is once again threatening millions of users.

Like Us on Facebook

To highlight the loophole, security researchers at Northbit created a proof-of-concept Stagefright exploit known only as Metaphor. While this strain of the hack was developed and tested in a controlled environment, security experts are worried that hackers might be able to create their own version of the exploit which could potentially affect millions of Android devices worldwide.

Reports indicate that the main key in the Metaphor exploit is the back-and-forth procedure that gauges an Android device's security mechanisms. The new strain of Stagefright comes in the form of a maliciously-designed MPEG-4 video, which can be embedded into a website. Once users access this video file, the attack will commence and will crash Android's media server which will then allow hackers to send important hardware data to them. A secondary video file can be sent in order to collect additional security information, while the last video file is what actually infects the device, according to Engadget.

While the whole operation demands a lot of work, the attack can spread quickly. A typical breach will only take 20 seconds. The hack is reportedly most effective when applied on a Nexus 5 device that runs on stock firmware. However, the exploit also works on customized versions of Android found on devices like the LG G3, HTC One and Samsung Galaxy S5.

Following the release of the report, Google responded saying that all Android devices that have downloaded the security patch released on Oct. 1, 2015, or newer are protected.

Real Time Analytics