New bug makes millions of Android devices vulnerable to hacking
19 Mar 2016
A team of researchers has successfully exploited the Android-based ''Stagefright'' bug and remotely hacked a smartphone, sending a message to millions of Android users that their devices were vulnerable to virus attack.
According to Israeli software research company NorthBit, it had ''properly'' exploited the Android bug that was originally described as the ''worst ever discovered'', according to Wired.
The exploitation called ''Metaphor'', also had a video showing the exploit being run on a Nexus 5 smartphone. According to NorthBit it had also successfully tested the exploit on an LG G3, HTC One and Samsung Galaxy S5 devices.
''Approximately 36 percent of the 1.4 billion active Android phones and tablets run Android 5 or 5.1 and devices lacking the latest updates would be vulnerable,'' NorthBit co-founder Gil Dabah was quoted as saying, IANS reported.
''Our research managed to get it [the attack] to the level of production grade, meaning that everyone – both the bad guys and good guys, or governments – could use our research in order to facilitate it in the wild,'' Dabah added.
The hack which was able to execute remote code on Android devices could possibly affect up to 95 per cent of Android devices.
The Herzliya, Israel-based company, published a paper outlining Metaphor, a nickname for a new weakness they had identified in Stagefright, Android's media server and multimedia library.
The attack was effective against devices running Android versions 2.2 through 4.0 and 5.0 and 5.1, according to NorthBit.
According to the company, its attack worked best on Google's Nexus 5 with stock ROM, and with a number of modifications for HTC's One, LG's G3 and Samsung's S5.
The attack comes as an extension of others developed for CVE-2015-3864, a remote code execution vulnerability that had been patched twice by Google.
The security company Zimperium had found the original Stagefright flaws in early 2015, which hit millions of devices. Google has since had to repeatedly issue patches and fixes for problems in Stagefright that researchers continued to find.
