Several months ago, Google addressed a bug several months ago called Stagefright that infects Android devices through a text message, as HNGN previously by HNGN. The obliterated malware, once opened, executed a code that opened phones to hackers. But Zimperium, the security firm who uncovered the bug, has found that it is now back with a vengeance.
The recent iteration of Stagefright entails a simple modus, involving multimedia files (MP3/MP4) sent to Android devices, which then expose them to a complete takeover by hackers. The process is simple. "An attacker would try to convince an unsuspecting user to visit a URL pointing at an attacker controlled Web site," Zimperium said in a blog post. The culprit could then inject the exploit using conventional traffic modes for mobile browsers.
Stagefright is reportedly a set of two bugs, which piggyback on native Android files, libutils library and libstagefright. Once the bugs are combined, they execute a code that affects Android 5.0 devices or later, reported Ars Technica.
What is disturbing about the new malicious threats is that the user does not need to open the media files sent for the malwares to take effect. "The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue," Zimperium said.
Google has already acknowledged this recent threat but it has so far failed to release a fresh patch, which is disturbing because it takes time before such is implemented by third party Android manufacturers, according to Mashable. What is even more serious is that Stagefright could possibly infect more than 1 billion smartphones, including those running the latest Android softwares.
It appears that users are only left with one solution. They are advised to never open media files and links by unknown sources.