Stagefright is back, this time takes control of Android devices through an infected audio file

Zimperium, the team of mobile security experts that discovered the original Stagefright exploit back in July, has recently announced the discovery of yet another security flaw in Android's multimedia library. If you were feeling protected by the fact that your device has received a patch for the initial Stagefright bug, then this recent development will probably take you out of your comfort zone once again.

In the three months that have passed since the Stagefright exploit was first discovered, the security flaw managed to create a rupture in the entire Android ecosystem. Although Google patched the bug in a comparatively timely manner, it was up to manufacturers to implement the patch, and up to carriers to send it out to consumer devices. As a result, many smartphones, especially entry-level and mid-range devices, remain vulnerable to the initial Stagefright bug to this day.

With the initial Stagefright vulnerability, attackers could take control of an Android device by sending an MMS containing a malicious video. This time around, Zimperium has discovered a way to hack Android devices through a malicious audio file, encoded in either the MP3 or the MP4 file format.

Once again, the trouble is all in the way that Android previews the multimedia files it encounters. For example, if your Android device visits a web page where the malicious audio file is hosted, the OS tries to preview the file. At this point, your device will be infected. Since the vast majority of Android devices use some version of the preview function, there's no limit to the potential magnitude of this new attack. According to the researchers at Zimperium, about 950 million Android devices could be vulnerable to the new Stagefright exploit.

Notified of the new Stagefright security flaw before Zimperium publicly announced the discovery, Google has baked in a patch for this exploit in the October Monthly Security Update for Android, which rolled out to manufacturers on September 10th. Google's own Nexus devices will get the patch on October 5th.

Zimperium says that they have yet to see the exploit being used in the wild, but does that alleviate your paranoia? Drop us a comment in the section below and share your thoughts!

source: Zimperium via The Verge


49 Comments

1. Busyboy

Posts: 731; Member since: Jan 07, 2015

5. buccob

Posts: 2963; Member since: Jun 19, 2012

Hey Busyboy, share that link to "Tip us" section of PA... this way THEY will get their inbox full of these... I've been sending some already

6. Busyboy

Posts: 731; Member since: Jan 07, 2015

Good idea. I'll do both

7. BobbyBuster

Posts: 854; Member since: Jan 13, 2015

Great. Will Sony stop bleeding? We all know the answer.

15. DoggyDangerous

Posts: 1028; Member since: Aug 28, 2015

You didn't say, "everyone made money with iOS and no one made money with android". Why bobbybuster?

26. marorun

Posts: 5029; Member since: Mar 30, 2015

Will you ever stop trolling? We all know the answer.

51. Norris

Posts: 121; Member since: Jun 26, 2015

It won't help either. All you can see now is Apple articles. They won't allow articles of any other device better than iPhone, which are almost all high end and mid-ranged android devices.

8. tahnik

Posts: 200; Member since: Jul 17, 2011

Keep up good work guys. How can PA do this? I've been watching them since 2009, but was never disappointed this much

46. SonyFindOneDroidple

Posts: 865; Member since: May 11, 2013

this ain't the place to exhibit ginormous fanboyism..

2. Heisenberg

Posts: 373; Member since: Feb 11, 2015

So how would this be avoided?

29. marorun

Posts: 5029; Member since: Mar 30, 2015

Simple, just go into the SMS settings and turn preview off. :) But it's another overblown propaganda, as not a single client has called any of the reps here at the store I work at with an infected Android phone (any exploit) since 2011. Many should know that tech firms like Microsoft and Apple will pay security specialists to find those exploits and then report them to the world just to destroy other OSes' reputation. But when an Apple dev reports to the world, they lose dev privileges, as Apple only wants them to report to Apple. See the double standard here?

56. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

Then you work in a slow store. It is such a driver with our carrier that they have literally created a specific document to handle devices that are too old and won't get the update. Every week multiple calls a day for hundreds of agents.

12. Michael.Parker

Posts: 273; Member since: Aug 22, 2015

I remember when I used to download movies over torrents I'd occasionally get infected DIVX files causing problems with Windows. And now I've got to worry about the same on Android?

17. Penny

Posts: 1847; Member since: Feb 04, 2011

It shouldn't be too surprising. Android has the type of marketshare in the mobile world that Windows has in the computer world. Hackers tend to target the most widespread targets, especially if security has never been its strongest point.

33. marorun

Posts: 5029; Member since: Mar 30, 2015

Android security is pretty good if you take some time to do things right. This exploit, for example. First, get an antivirus :) it will protect you on websites from all this s**t. Second, deactivate MMS auto-retrieve. Last, why has not a single client come to us at the store I work at with an infected Android device since 2011 if its security is so crappy? We do sell at least 50% Android devices.

57. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

But the problem is you have to do this out of the box. And you do not even need to visit a website to be infected. Not to mention antivirus doesn't stop this; once it is loaded, including into RAM, this infects it. It does not have to even run, just load. Which an antivirus cannot stop at that point. Or at least no antivirus was able to stop it in the previous versions.

52. Plutonium239

Posts: 1199; Member since: Mar 17, 2015

Android does not have a ~90% global market share in smart phones.

47. sinple

Posts: 132; Member since: Nov 04, 2011

You still use Windows despite it having vulnerability, don't you?

20. xondk

Posts: 1904; Member since: Mar 25, 2014

I must say, these hackers are certainly creative.

21. darkkjedii

Posts: 30968; Member since: Feb 05, 2011

Can't wait to hear from the Big 3 android trolls on this one.

27. strudelz100

Posts: 646; Member since: Aug 20, 2014

Can't wait to hear from the entire PA user base of Android evangelists about the iPhone, on all articles, including those involving only Android. It is impossible to avoid mentioning the iPhone because it's the benchmark for Android users as well, whether y'all deny it or not.

32. darkkjedii

Posts: 30968; Member since: Feb 05, 2011

Y'all? I use both, but prefer iOS ever so slightly.

34. marorun

Posts: 5029; Member since: Mar 30, 2015

I would take iOS on the same hardware as last-gen Android. As long as it is 2-5 years back in the hardware department, I won't get an iPhone ever. Funny thing is, I really liked iOS up to iOS 6.0, then it became more and more unstable. When Jobs was there, he would not let all those crappy updates that bring loads of issues pass.

39. darkkjedii

Posts: 30968; Member since: Feb 05, 2011

Don't know what that has to do with my post, but ok.

41. DoggyDangerous

Posts: 1028; Member since: Aug 28, 2015

Because everyone made money from iOS

45. Zylam

Posts: 1813; Member since: Oct 20, 2010

You know, you think you're being smart trying to combat Bobby, but you're just making yourself and Android phones look bad. By everyone Bobby means OEMs; iOS only has one OEM and it's making billions of dollars every 3 months. The Android OEMs are either bleeding or just making it to a few million in profit. Nothing compared to Apple. Also everyone's seen the developer charts, they make more money on iOS. I love Android and use all 3, but fandroids like you make all of Android look bad.

54. DoggyDangerous

Posts: 1028; Member since: Aug 28, 2015

Yes, because I made money with iOS. 3.50 cents

43. 99nights

Posts: 1152; Member since: Mar 10, 2015

What about the copious amount of made up apple accounts that troll every single article lol, bobbybuster for example at his usual in first wave of comments. It's ridiculous.

22. bur60

Posts: 981; Member since: Jul 07, 2014

I have a feeling that this is being blown out of proportion. Stagefright gets a fix and now this comes after? Seems like somebody is damaging Android's image.... Could be wrong tho

35. marorun

Posts: 5029; Member since: Mar 30, 2015

Nope, you are right. Apple and Microsoft pay security firms to search for exploits, then put it all on public websites. Not 1 Android infected by any virus or such has come back to the store I work at since 2011, and we sell 50% Android devices if not more. So yep, as usual.

* Some comments have been hidden, because they don't meet the discussions rules.
