Skip to main content

New Stagefright exploit could scare millions of Android users

Android Phones
Image used with permission by copyright holder
If you’re an Android owner, it’s important to make sure that your device is always up to date, not just so you can take advantage of the great features that Google is constantly adding to the operating system, but also so you can avoid being left vulnerable to dangerous bugs. Case in point: Stagefright.

Security researchers have demonstrated exploiting the Stagefright bug, using it to remotely hack an Android phone, something that could be done to millions of other Android devices. The hack was recently described in a report from Wired, and would enable hackers to gain complete access to a devices’ files, which they could copy or delete, as well as access to the camera and microphone.

Recommended Videos

The bug was hacked by security research firm NorthBit, who claimed it had “properly” hacked the bug, which has been described as the “worst ever detected.” The hack that the team used is called Metaphor, and it was demonstrated in a video using the Google Nexus 5, however scarily enough the team has also reportedly hacked the likes of the LG G3, the HTC One, and the Samsung Galaxy S5.

Please enable Javascript to view this content

While Google did promise regular security updates after Stagefright, and later Stagefright 2.0, was first discovered, it seems as though not all versions of Android have been patched just yet. The team was able to hack devices running Android 2.2, 4.0, 5.0, and 5.1. Thankfully, other versions of Android don’t seem to be affected by the issue. Of course that’s little consolation when a whopping 36 percent of Android devices run Android 5.0 or 5.1, leaving millions upon millions of users open to the hack. Basically, those that lack the latest security updates are vulnerably to the hack.

Stagefright is a software library that is written in C++ and is included inside Android. It is susceptible to being exploited when an MMS message with a video file is sent to the device in question, and if the video was coded in a certain way, it could be used to activate a malicious code. Stagefright 2.0 was later discovered, doing the same thing, but exploiting issues in mp3 and mp4 files. Google did start releasing patches for the bug, however it seems as though the company has not yet released patches for all versions of Android.

Check out the video below to see Stagefright being exploited on a Google Nexus 5.

Metaphor - Stagefright Exploitation Breaking ASLR

Updated on 03-26-2016 by Christian de Looper: Clarified what Stagefright enables hackers to gain access to.

Christian de Looper
Christian de Looper is a long-time freelance writer who has covered every facet of the consumer tech and electric vehicle…
Google just announced Android 16. Here’s everything new
The Android 16 logo on a smartphone, resting on a shelf.

No, that headline isn't a typo. A little over a month after Android 15 was released to the masses in October, Google has already announced Android 16 and begun rolling out its first developer beta of the newest Android version.

If this seems like a much earlier release than usual, that's because it is. We typically expect the first developer beta of the next Android update to arrive in February. For Android 16, however, Google has pushed the timeline up by a few months and launched Android 16 Developer Preview 1 in mid-November.
Why Android 16 is launching so much earlier

Read more
This new Android phone looks like a photographer’s dream
Sharp Aquos R9 Pro

Sharp has announced an intriguing new phone aimed at mobile photographers. It's called the Sharp Aquos R9 Pro, and while it may not have the best name, there's a lot to talk about here.

The Aquos R9 Pro has many interesting features, starting with its gigantic camera bump on the back, which houses three powerful cameras: a 50.3-megapixel primary camera, a 50.3MP telephoto camera, and a 50.3MP ultrawide camera. The cameras are surrounded by a vegan leather backplate.

Read more
Android 15 is now rolling out to Pixels. Here’s what’s new
Android 15 logo on a Google Pixel 8.

The wait for a next-generation Android experience is finally over. Google today released the public version of Android 15, and it is now making its way to compatible phones, starting with the company’s Pixel series of smartphones.

Among the key areas where Android 15 brings the biggest set of upgrades are safety and privacy. To that end, users will soon be able to create a safe space for all their sensitive apps, locked behind their device’s local password or biometric layer.

Read more