Skip to main content
  1. Home
  2. Mobile
  3. News

New Stagefright exploit could scare millions of Android users

By

If you’re an Android owner, it’s important to make sure that your device is always up to date, not just so you can take advantage of the great features that Google is constantly adding to the operating system, but also so you can avoid being left vulnerable to dangerous bugs. Case in point: Stagefright.

Security researchers have demonstrated exploiting the Stagefright bug, using it to remotely hack an Android phone, something that could be done to millions of other Android devices. The hack was recently described in a report from Wired, and would enable hackers to gain complete access to a devices’ files, which they could copy or delete, as well as access to the camera and microphone.

Recommended Videos

The bug was hacked by security research firm NorthBit, who claimed it had “properly” hacked the bug, which has been described as the “worst ever detected.” The hack that the team used is called Metaphor, and it was demonstrated in a video using the Google Nexus 5, however scarily enough the team has also reportedly hacked the likes of the LG G3, the HTC One, and the Samsung Galaxy S5.

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, HBO Max, and more

While Google did promise regular security updates after Stagefright, and later Stagefright 2.0, was first discovered, it seems as though not all versions of Android have been patched just yet. The team was able to hack devices running Android 2.2, 4.0, 5.0, and 5.1. Thankfully, other versions of Android don’t seem to be affected by the issue. Of course that’s little consolation when a whopping 36 percent of Android devices run Android 5.0 or 5.1, leaving millions upon millions of users open to the hack. Basically, those that lack the latest security updates are vulnerably to the hack.

Stagefright is a software library that is written in C++ and is included inside Android. It is susceptible to being exploited when an MMS message with a video file is sent to the device in question, and if the video was coded in a certain way, it could be used to activate a malicious code. Stagefright 2.0 was later discovered, doing the same thing, but exploiting issues in mp3 and mp4 files. Google did start releasing patches for the bug, however it seems as though the company has not yet released patches for all versions of Android.

Check out the video below to see Stagefright being exploited on a Google Nexus 5.

Metaphor - Stagefright Exploitation Breaking ASLR

Updated on 03-26-2016 by Christian de Looper: Clarified what Stagefright enables hackers to gain access to.

Christian de Looper
Christian de Looper
Former Digital Trends Contributor
Christian de Looper is a long-time freelance writer who has covered every facet of the consumer tech and electric vehicle…
Topics

Editors’ Recommendations

Google fixes the vibrating Android 16 bug that was frustrating users
Android-16-Beta 3.2

Android 16 arrived last month, and users have been enjoying new features including live updates from apps like food delivery or ride hailing, audio sharing so you can listen to music with friends over Bluetooth, and support for adjusting screen refresh rates to keep up with newer displays. However, there have been a few annoyances with the new features too, like issues with the haptic feedback. Now, Google is rolling out a new beta version of the OS, Android 16 Beta 3.2, to address these issues.

The fix for haptic feedback is the biggest change in the new release. In Android 16, Google added more options for developers to control the way your phone buzzes when taking certain actions or getting certain notifications. The light vibrations help with navigation and awareness, though these aren't changes to the Android notification system itself -- rather, there are now more options for app developers to make use of fine-grained haptics.

Read more
With Google Gemini, Android Auto could make your drive safer, more enjoyable
A demonstration of Gemini Live on a Google Pixel 9.

Google is in the process of rolling out Android Auto 14.0 to the public. While the update doesn’t include any new features, it suggests a significant change is coming.

As 9to5Google explains, the update hints that Gemini is set to replace Google Assistant in Android Auto. Behind the scenes, there are also image assets for Gemini and Gemini Live.

Read more
Google is working on a cleaner backup interface for Android users
google is working on a cleaner backup interface for android users pixel home screenf

Google is redesigning the backup page on Android to give it a cleaner and more organized appearance. This update is part of the Google Play Services version 25.11.32 beta, as reported by Android Authority.

The Android backup page can be found in the Settings app under System > Backup. It allows users to manage and control the data backed up from their phones or tablets to their Google Accounts. You can initiate backups for various data types, including apps and app data, contacts, SMS, and MMS messages.

Read more