After a security flaw was uncovered in July, which allowed hackers to get dangerous malware into other people’s Android devices with relative ease, security firm Zimperium zLabs has now uncovered a new Stagefright bug which allows hackers to infect other people’s Android devices in a similar fashion.
The newly discovered Stagefright bug allows hackers to break into other people’s devices by sending them to sites where infected mp3 and mp4 files are located. Once those files are run, the device is automatically infected. Also, users can infect their devices by playing such files in any media player used by the Android platform.
But wait, there’s more! In case a hacker uses the same Wi-Fi network as the victim, he’ll be able to infect the device without the victim even running the file, even though Zimperium didn’t explain exactly how this can be done.
Zimperium’s Joshua Drake has said that this flaw leaves “almost all Android devices” vulnerable, from version 1.0 all the way up to 5.0 and higher.
Google has said that it will offer a patch for the newly discovered flaw to the Nexus phone users on October 5.
The Stagefright vulnerability is said to be the biggest (opens in new tab) Android security problem for years now. The exploit leaves almost 95 per cent of all Android users susceptible to attacks. Just a month ago, we read how Google and Samsung were working together to deal with Stagefright.
The Stagefright bug lets attacker remotely execute code using multimedia text messages, and in most cases the users don’t even see the message.