Over 1 billion Android phones vulnerable to Stagefright 2.0

android_logo Over a billion Android smartphones (and other devices) are UNDER ATTACK! by a new security vulnerability, which has been called Stagefright 2.0.

Obviously, that means there was an original Stagefright bug, so this is a new and improved security threat. The vulnerability allows hackers to take over an Android phone by sending it an MMS message, and it works by exploiting holes via an MP3 or MP4 video.

Mark James, a security specialist at ESET said: "Visiting a website and previewing an infected song or video file could enable the attacker to gain access to your mobile device and run remote code, in theory allowing them full access to your device enabling them to do whatever they wish ... including installing other malware, or just harvesting your data for use in identity theft."

All very typical thus far. Now, for some more techie stuff.

"The first vulnerability (in libutils) impacts almost every Android device since version 1.0 released in 2008. We found methods to trigger that vulnerability in devices running version 5.0 and up using the second vulnerability (in libstagefright),” said Zimperium, the company that first disclosed the original Stagefright bug."

"The security holes lie within the media processing systems of Android, which can be broken, potentially allowing access to the the rest of the smartphone using specially crafted MP3 audio files or MP4 videos – both common formats for songs and videos."

Okay? Good. Now, back to Mark James - seeing as very few people have got to this bit of the article because they're bored and would rather be looking at cats on Reddit, he's got the job of finish the tale to no-one.

"The first version of Stagefright required some information, namely your mobile number to be able to send the text message to your device,” says James. This new version does not even need to know any of your information to be successful. This, in theory, enables a much wider audience and indeed could enable access to over 1bn android devices."

Google have been notified and are going to be patched some time this month. As a further bit of security, here are the best apps you can download to protect your phone from malware and the like. Stay safe, children.

What do you think?

Your comment