Skip to main content
  1. Home
  2. Mobile
  3. News

New Stagefright exploit could scare millions of Android users

Christian de Looper
By

Android Phones
Image used with permission by copyright holder
If you’re an Android owner, it’s important to make sure that your device is always up to date, not just so you can take advantage of the great features that Google is constantly adding to the operating system, but also so you can avoid being left vulnerable to dangerous bugs. Case in point: Stagefright.

Security researchers have demonstrated exploiting the Stagefright bug, using it to remotely hack an Android phone, something that could be done to millions of other Android devices. The hack was recently described in a report from Wired, and would enable hackers to gain complete access to a devices’ files, which they could copy or delete, as well as access to the camera and microphone.

Recommended Videos

The bug was hacked by security research firm NorthBit, who claimed it had “properly” hacked the bug, which has been described as the “worst ever detected.” The hack that the team used is called Metaphor, and it was demonstrated in a video using the Google Nexus 5, however scarily enough the team has also reportedly hacked the likes of the LG G3, the HTC One, and the Samsung Galaxy S5.

Related

While Google did promise regular security updates after Stagefright, and later Stagefright 2.0, was first discovered, it seems as though not all versions of Android have been patched just yet. The team was able to hack devices running Android 2.2, 4.0, 5.0, and 5.1. Thankfully, other versions of Android don’t seem to be affected by the issue. Of course that’s little consolation when a whopping 36 percent of Android devices run Android 5.0 or 5.1, leaving millions upon millions of users open to the hack. Basically, those that lack the latest security updates are vulnerably to the hack.

Stagefright is a software library that is written in C++ and is included inside Android. It is susceptible to being exploited when an MMS message with a video file is sent to the device in question, and if the video was coded in a certain way, it could be used to activate a malicious code. Stagefright 2.0 was later discovered, doing the same thing, but exploiting issues in mp3 and mp4 files. Google did start releasing patches for the bug, however it seems as though the company has not yet released patches for all versions of Android.

Check out the video below to see Stagefright being exploited on a Google Nexus 5.

Metaphor - Stagefright Exploitation Breaking ASLR

Updated on 03-26-2016 by Christian de Looper: Clarified what Stagefright enables hackers to gain access to.

Editors' Recommendations

Topics
Christian de Looper
Christian de Looper
Contributor
Christian’s interest in technology began as a child in Australia, when he stumbled upon a computer at a garage sale that he…
Google is launching a powerful new AI app for your Android phone
Google Gemini app on Android.

Remember Bard, Google’s answer to ChatGPT? Well, it is now officially called Gemini. Also, all those fancy AI features that previously went by the name Duet AI have been folded under the Gemini branding. In case you haven’t been following up all the AI development flood, the name is derived from the multi-modal large language model of the same name.

To go with the renaming efforts, Google has launched a standalone Gemini app on Android. Moreover, the Gemini experience is also being made available to iPhone users within the Google app on iOS. But wait, there’s more.

Read more
I used a new type of smartphone that could replace Android
Two phones running Apostrophy OS, sitting next to each other on a chair.

When you buy a phone today, your first decision is to decide which operating system you want: Android or iOS. We've seen other platforms come and go over the years, from Windows Phone to Palm OS, but Android and iOS remain your two sole choices in 2024.

One of the last things I saw at CES 2024 earlier this month was a smartphone operating system that's trying to be that third choice between Android and iOS. It's called Apostrophy OS (also referred to as AphyOS), and I got to play around with it while also chatting with Apostrophy CEO Steve Cistulli to learn about the could-be Android and iOS alternative.
What is Apostrophy OS?

Read more
You should pay attention to TCL’s two new Android tablets
A close-up render of the TCL NXTPAPER 14 Pro tablet.

During CES 2024 in Las Vegas, TCL unveiled two new tablets: the TCL NxtPaper 14 Pro and Tab 10 NxtPaper 5G.

Both devices feature the company’s recently announced TCL NxtPaper 3.0 technology. This isn't the first time we've seen NxtPaper technology from TCL, but the 3.0 version has some pretty promising upgrades.
What's new with NxtPaper 3.0
TCL has improved its popular display technology with the release of TCL NxtPaper 3.0. This technology provides a full-color, paper-like experience while retaining the benefits of traditional LCD screens. The latest version has Circularly Polarized Light (CPL) screens, which mimic natural light’s “emission/reflection/refraction” path. This feature creates a visual experience similar to reading books under natural light, resulting in extra eye comfort and a more paper-like screen.

Read more