Skip to main content
  1. Home
  2. Mobile
  3. News

New Stagefright exploit could scare millions of Android users

By

Android Phones
Image used with permission by copyright holder
If you’re an Android owner, it’s important to make sure that your device is always up to date, not just so you can take advantage of the great features that Google is constantly adding to the operating system, but also so you can avoid being left vulnerable to dangerous bugs. Case in point: Stagefright.

Security researchers have demonstrated exploiting the Stagefright bug, using it to remotely hack an Android phone, something that could be done to millions of other Android devices. The hack was recently described in a report from Wired, and would enable hackers to gain complete access to a devices’ files, which they could copy or delete, as well as access to the camera and microphone.

Recommended Videos

The bug was hacked by security research firm NorthBit, who claimed it had “properly” hacked the bug, which has been described as the “worst ever detected.” The hack that the team used is called Metaphor, and it was demonstrated in a video using the Google Nexus 5, however scarily enough the team has also reportedly hacked the likes of the LG G3, the HTC One, and the Samsung Galaxy S5.

Related

While Google did promise regular security updates after Stagefright, and later Stagefright 2.0, was first discovered, it seems as though not all versions of Android have been patched just yet. The team was able to hack devices running Android 2.2, 4.0, 5.0, and 5.1. Thankfully, other versions of Android don’t seem to be affected by the issue. Of course that’s little consolation when a whopping 36 percent of Android devices run Android 5.0 or 5.1, leaving millions upon millions of users open to the hack. Basically, those that lack the latest security updates are vulnerably to the hack.

Stagefright is a software library that is written in C++ and is included inside Android. It is susceptible to being exploited when an MMS message with a video file is sent to the device in question, and if the video was coded in a certain way, it could be used to activate a malicious code. Stagefright 2.0 was later discovered, doing the same thing, but exploiting issues in mp3 and mp4 files. Google did start releasing patches for the bug, however it seems as though the company has not yet released patches for all versions of Android.

Check out the video below to see Stagefright being exploited on a Google Nexus 5.

Metaphor - Stagefright Exploitation Breaking ASLR

Updated on 03-26-2016 by Christian de Looper: Clarified what Stagefright enables hackers to gain access to.

Editors’ Recommendations

Topics
Christian de Looper
Christian de Looper
Contributor
Christian de Looper is a long-time freelance writer who has covered every facet of the consumer tech and electric vehicle…
October 15 could be the day Android fans have been waiting for
Private Space option in app library of Android 15.

The official release of Android 15 has been delayed way longer than anyone expected, but we can finally see the light at the end of the tunnel. According to a report from Android Headlines, the next version of Android will hit the market on October 15.

This is a marked departure from how Google has handled the launch in the past. Typically, the latest version of Android releases with the latest version of the Pixel, but that wasn't the case this year with the August release of the Google Pixel 9. In a way, Android 15 is releasing at its usual time; the Pixel was just early.

Read more
This new Android phone could give the Google Pixel 8a a run for its money
Infinix Zero 40 5G.

Here in the United States, we have access to a lot of different phones -- but we're missing out on many of the best bang-for-your-buck budget devices available in other parts of the world. The launch of the Infinix Zero 40 5G is yet another reminder of low- or midrange phones that never see a Western release, especially since it would be a solid competitor to the Google Pixel 8a.

The Infinix Zero 40 5G has a lot going for it, especially considering it costs around $335 to $370 depending on your configuration (versus the current sale price of $399 for the Pixel 8a.) It even has a feature I've never seen in another phone: a GoPro mode. Just look at how travelers can use it to control their cameras.

Read more
Android 16 could give your phone a big redesign
Someone holding the Google Pixel 9 with the screen on.

Google is set to release Android 15 to the general public soon, so attention is slowly turning to Android 16, which is expected to launch toward the end of next year. Android Authority recently discovered intriguing information about this update from the Android 15 QPR1 beta.

In the beta, the site discovered that Google plans a "complete redesign" for Android's Notifications and Quick Settings panels. The current design dates back to Android 12 when Google introduced its Material You design language. It provides a uniform appearance, including the initial four Quick Setting tiles and the entire notifications panel.

Read more