Skip to main content
  1. Home
  2. Mobile
  3. Android
  4. News

New Stagefright exploit could scare millions of Android users

Christian de Looper
By

Android Phones
If you’re an Android owner, it’s important to make sure that your device is always up to date, not just so you can take advantage of the great features that Google is constantly adding to the operating system, but also so you can avoid being left vulnerable to dangerous bugs. Case in point: Stagefright.

Security researchers have demonstrated exploiting the Stagefright bug, using it to remotely hack an Android phone, something that could be done to millions of other Android devices. The hack was recently described in a report from Wired, and would enable hackers to gain complete access to a devices’ files, which they could copy or delete, as well as access to the camera and microphone.

The bug was hacked by security research firm NorthBit, who claimed it had “properly” hacked the bug, which has been described as the “worst ever detected.” The hack that the team used is called Metaphor, and it was demonstrated in a video using the Google Nexus 5, however scarily enough the team has also reportedly hacked the likes of the LG G3, the HTC One, and the Samsung Galaxy S5.

While Google did promise regular security updates after Stagefright, and later Stagefright 2.0, was first discovered, it seems as though not all versions of Android have been patched just yet. The team was able to hack devices running Android 2.2, 4.0, 5.0, and 5.1. Thankfully, other versions of Android don’t seem to be affected by the issue. Of course that’s little consolation when a whopping 36 percent of Android devices run Android 5.0 or 5.1, leaving millions upon millions of users open to the hack. Basically, those that lack the latest security updates are vulnerably to the hack.

Stagefright is a software library that is written in C++ and is included inside Android. It is susceptible to being exploited when an MMS message with a video file is sent to the device in question, and if the video was coded in a certain way, it could be used to activate a malicious code. Stagefright 2.0 was later discovered, doing the same thing, but exploiting issues in mp3 and mp4 files. Google did start releasing patches for the bug, however it seems as though the company has not yet released patches for all versions of Android.

Check out the video below to see Stagefright being exploited on a Google Nexus 5.

Metaphor - Stagefright Exploitation Breaking ASLR

Updated on 03-26-2016 by Christian de Looper: Clarified what Stagefright enables hackers to gain access to.

Editors' Recommendations

Video-editing app LumaFusion to get a Galaxy Tab S8 launch

A tablet featuring the LumaFusion video editing app.

The Motorola Edge (2022) could be a great Pixel 6a alternative

The front of the Motorola Edge (2022) with the display on.

Does the Samsung Galaxy Z Fold 4 come with a charger? Here’s why not

Samsung Galaxy Z Fold 4 and Galaxy Z Flip 4.

ColorOS 13 is coming in August — and it’s better than expected

Oppo ColorOS 13's splash page on the Oppo Find X5 Pro.

Android 13: Everything we know about Google’s big OS update

Android 13 logo on a Android logo background.

Best smartwatch deals for August 2022

Android 13 is here, and you can download it on your Pixel phone right now

Official artwork of Android 13

The best Samsung Galaxy Z Flip 4 screen protectors

Samsung Galaxy Z Flip 4.

Best Garmin watch deals for August 2022

An orange Garmin Instinct smartwatch being shown on a wrist.

Best Amazon Fire tablet deals for August 2022

Amazon Fire HD 10 in hand.

Spotify offers 3 months of free Premium. Here’s how to get it

youtube paid music service march launch listening to

Nothing Phone 1’s numerous LEDs counted by YouTuber

Nothing Phone 1 Glyph Interface lights.

The PlayStation Backbone is a great mobile gaming controller, but a bad PS5 companion

The DualSense Backbone resting on a window sill displaying the PS5 logo on its screen.