Android Security problems: 'Stagefright' Bug Returns to Render Over 1 Billion Android Devices Vulnerable to Hacks
The Stagefright bug has returned to render over a billion Android devices vulnerable to hacks, Zimperium discovered.
Stagefright is a bug that could use a vulnerability to get access to an Android device with just a simple message. While Zimperium zLabs security researchers first discovered the bug in July, they have once again encountered it recently, according to The Indian Express.
After the first discovery of Stagefright, Google released a series of patches to fix the vulnerability. However, Zimperium researchers have found out that Stagefright is back and the bugs can give hackers access to Android devices by tricking users into clicking a website link. But the website contains malicious multimedia file, like an mp3 or mp4 file, which could allow hackers to enter the device, the report details.
The Zimperium researchers found that Stagefright, an Android app for playing multimedia files, contains two new bugs. The bug enters the device and executes a code for installing malware, lifting personal data, or gaining access to messages and photos via a file vulnerability. The most alarming part of the problem is that users have no way to know if their device has been infiltrated by the bug, Wired explains.
While Google chief Sundar Pichai proudly announced at a recent company event that Android has reached 1.4 billion 30-day active users, Zimperium researchers believe that the Stagefright bug could extend to around 1.4 billion individuals. The security firm discovered that "almost every Android device" that came out starting 2008 could be vulnerable to the bug, the report relays.
The problem does not stop there. Zimperium security researcher Joshua Drake said in his blog post that the code execution would be triggered even by just previewing the malicious song or vide. Hackers can also use public WiFi to tweak the user's unencrypted network traffic, Drake adds.
In the wake of the second Stagefright bug discovery, a spokesman from Google said the company will release a new patch for Nexus phone users on Oct. 5. Motorola has already rolled out a Stagefright fix for Moto X, and other OEMs and carriers are expected to do the same.