• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 28th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
Android

Millions of Android devices vulnerable to Stagefright bug again

March 18th, 2016 Ali Raza Cyber Attacks, Android 0 comments
Millions of Android devices vulnerable to Stagefright bug again
Share on FacebookShare on Twitter
A not so new bug called Stagefright, that affects Android devices has been discovered by security researchers. The bug leaves millions of Android devices at risk of attack.

The research company, NorthBit, a software research company based in Israel, claims it had exploited the bug which was previously discovered as the “worst ever discovered” bug. They published their results and showed a video of the exploitation the bug on a Nexus 5. The company also said it had tested on the LG G3, HTC One and a Samsung Galaxy S5. The exploitation the company used is called Metaphor.

android-gif

Gil Dabah who is the co-founder of the research company told the reporters that if left the exploit could be altered to cause more damage. He stated that if people did not upgrade to the latest updates then they were at a higher risk to get more affected. The bug affects Android 5 or 5.1 devices mostly of which they constitute 36 percent of the 1.4 billion active Android phones on the market. In a statement he said, “our research managed to get it to the level of production grade, meaning that everyone – both the bad guys and good guys, or governments- could use our research to facilitate it in the wild.”

Stagefright was first discovered in July 2015 by a security firm named Zimperium. The bug is able to execute remote code on Android devices and is possible to affect 95 percent of Android devices. Another version called the Stagefright 2.0 was found again in October which was said to be able to exploit issues with .mp3 and .mp4 files. The bug itself is a software library which is built inside the Android operating system. When a user receives an MMS message and the video is composed in the correct way it can trigger the malicious code which is already in the device.

During the time the bug was found Google released a security update, addressing the Stagefright issue. They also promised a patch of regular security updates for all Android devices in due course. But in light of the new version of the Stagefright bug, they have not yet commented yet and efforts to reach them were futile.

The research team say that the Stagefright can only affect Android 2.2, 4.0, 5.0 and 5.1. Other versions are safe for now. He says they managed to bypass a way, address space layout randomization (ASLR), a memory protection process which is available on Android 5.0 and 5.1 but not on 2.2 and 4.0.

After bypassing the ASLR, the video then shows one user opening a link sent in a message before the exploit sends mounds of data to the hackers computer. The chairman of Zimperium said that the research done by NorthBit showed that the scope of vulnerable Androids had increased. “I would be surprised if multiple professional hacking groups do not have working Stagefright exploits by now. Many devices out there are still vulnerable, so Zimperium has not published the second exploit in order to protect the ecosystem,” he said.

NorthBit’s report is enough to give hackers another way to complete exploit using the Stagefright bug. More and more security updates have to be released.

  • Tags
  • Android
  • Bug
  • Google
  • hacking
  • Malware
  • Privacy
  • security
  • Stagefright
Facebook Twitter LinkedIn Pinterest
Previous article Hackers can hack Internet Connected Sex Toys and Record Videos
Next article iOS Malware AceDeceiver: Hide and Seek between Apple’s DRM Versus MITM
Ali Raza

Ali Raza

Ali Raza is a freelance journalist with extensive experience in marketing and management. His work has been featured in many major crypto and tech websites including Hacked, Hackread, ValueWalk, Cryptoslate, CCN, and Globlecoinreport to name a few. Raza is the co-founder of 5Gist.com, too, a site dedicated to educating people on 5G technology.

Related Posts
Warning as hackers breach MFA to target cloud services

Warning as hackers breach MFA to target cloud services

Pakistani Android users hit by spyware campaign with malicious apps

Pakistani Android users hit by spyware campaign with malicious apps

Fake Cyberpunk 2077 Android App Delivering Ransomware

Fake Cyberpunk 2077 Android App Delivering Ransomware

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
NetWalker ransomware disrupted - Cryptocurrency and domain seized
Cyber Crime

NetWalker ransomware disrupted - Cryptocurrency and domain seized

43
Transferring Whatsapp data from iPhone to Android with MobileTrans
How To

Transferring Whatsapp data from iPhone to Android with MobileTrans

29
World's Most 'Resilient Malware' Botnet Emotet Taken Down
Cyber Crime

World's Most 'Resilient Malware' Botnet Emotet Taken Down

85

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us