More than one billion Android devices could be vulnerable to hacking thanks to a new security vulnerability dubbed “Stagefright 2.0.”
The vulnerability is a follow-up to the Stagefright bug, discovered in July, which allowed hackers to take control of Android devices with a simple text message. Google issued a patch for the bug quickly – however, researchers have now found two new vulnerabilities related to the original bug.
According to security experts, Stagefright 2.0 could allow an attacker to take over an Android smartphone using a specially designed MP3 or MP4 video.
Security firm Zimperium, which discovered the original Stagefright bug, said the new vulnerabilities impact nearly every Android device since 2008.
Unlike the original Stagefright bug, hackers will likely try to lure users onto a web site, which contains the malicious multimedia file. The users wouldn’t even have to open the file.
“The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue,” read the report.
Google has acknowledged the issue; however, a patch is not yet available. Once a patch is issued, it will be up to each Android manufacturer to push it out to users – something that took a while with the original Stagefright bug.
To avoid being affected by the vulnerability, users are urged not to open any sort of multimedia file from an unknown website or source.
Comments