Skip to main content

Stagefright, the dreaded Android vulnerability, is back

After a security flaw was uncovered in July, which allowed hackers to get dangerous malware into other people’s Android devices with relative ease, security firm Zimperium zLabs has now uncovered a new Stagefright bug which allows hackers to infect other people’s Android devices in a similar fashion.

The newly discovered Stagefright bug allows hackers to break into other people’s devices by sending them to sites where infected mp3 and mp4 files are located. Once those files are run, the device is automatically infected. Also, users can infect their devices by playing such files in any media player used by the Android platform.

But wait, there’s more! In case a hacker uses the same Wi-Fi network as the victim, he’ll be able to infect the device without the victim even running the file, even though Zimperium didn’t explain exactly how this can be done.

Zimperium’s Joshua Drake has said that this flaw leaves “almost all Android devices” vulnerable, from version 1.0 all the way up to 5.0 and higher.

Google has said that it will offer a patch for the newly discovered flaw to the Nexus phone users on October 5.

The Stagefright vulnerability is said to be the biggest (opens in new tab) Android security problem for years now. The exploit leaves almost 95 per cent of all Android users susceptible to attacks. Just a month ago, we read how Google and Samsung were working together to deal with Stagefright.

The Stagefright bug lets attacker remotely execute code using multimedia text messages, and in most cases the users don’t even see the message.

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.