The mother of all Android cyber vulnerabilities ‘Stagefright’ security flaw has been a theoretical threat so far. The bug was discovered only last year summer, but no one has been able to exploit the chinks practically. Now, researchers at NorthBit, a well –known cyber security firm in Israel, have actually showed that hackers could find a way to exploit some of its weaknesses.
Straightfright, a media playback tool built into Android devices, contains a bug. This tool is used to retrieve images and videos sent to the smartphones. What happens that a hacker can send an image or video containing a malware and when users open it, the hacker takes the complete control of your phone.
They can steal sensitive personal information such as credit card details. The bug is even more powerful and effective in Nexus 5 phone, but it can affect other Android phones such as HTV One, LG G4, and the Samsung Galaxy S5.
It is important to note that the hack was executed in a controlled research environment, but so far no attempt has been made to execute it in reality. Those users that have updated to Android 6.0 Marshmallow or other operating systems have put up a credible defense to this security threat.
According to a report, the attack was tough to carry out but it worked quickly. It was found that it just took 20seconds to infect your Android device in just 20 seconds. “Android devices with a security patch level of October 1, 2015 or greater are protected because of a fix we released for this issue (CVE-2015-3864) last year,” Goolge said in a statement. “As always, we appreciate the security community’s research efforts as they help further secure the Android ecosystem for everyone.”
During the experiment, a website with a maliciously-designed MPEG-4 video and the malware attack crashes the Android’s media server and took all relevant information.
What happens is that when the bug-ridden malicious message is downloaded, it resets a phone and forces it to send a unique video file to the device. Using this technique, a hacker can also copy data.
Responding about the problem, Samsung said it would keep fixing such security flaws as and when detected. Google, on the other hand, clarified that their Nexus devices would keep receiving regular OTA updates. LG and HTC have also responded in a similar tone and tenor.
The bottomline of the report is that old Android devices are at risk, but new devices are protected against the ferocious Stage-fright security flaws.