The Stagefright scare for Android device users is not over yet, as researchers identify two more Stagefright-related vulnerabilities that could leave your Android open to hijacking.
Joshua Drake of Zimperium zLabs, the security researcher who first raised warning flags about the Stagefright vulnerabilities in July, has found two other new issues that could allow hackers to execute malicious code on your device. Zimperium researchers say the vulnerabilities affect at least 950 million Android users, but company founder and Chief Technology Officer Zuk Avraham believes that about 1.4 billion users could be affected.
Stagefright allows hackers to get into your phone by leading you to open a link to an MP3 audio file or an MP4 video file containing malicious code. The malware is injected into your mobile device the moment you preview or play the infected media file, or play it in a third-party multimedia player that uses your device’s libStageFright software libraries.
Your risk of being hacked increases when you and the hackers connect to the same local network, such as public Wi-Fi in a restaurant. In this case, the hackers don’t need to trick you into opening a website or file. They only need to intercept the unencrypted data to and from your computer and inject the malware into your device through that data traffic. Hijack complete.
Google has already offered patches to its device partner manufacturers based on Drake’s research and has been working with its partners to push out the updates as swiftly as possible. Nexus phone owners can expect an update containing the patches for the new bugs on Oct. 5, according to a Google spokesperson.
Earlier this year, Drake found that attackers can infiltrate your Android device simply by sending a malware-bearing multimedia message (MMS) through such apps as Messenger and Google Hangouts. In some cases, the attack occurs instantly without your knowledge; in other cases, the attack is triggered when you look at the MMS even without playing the media file. Stagefright hackers can cover their tracks after successfully compromising your device, so you’ll have no way of knowing that you’ve been had.
To find out if your Android device is affected by Stagefright, run Zimperium’s Stagefright Detector app on your device. Make sure to apply security updates for your phone or tablet as soon as they’re available.
[Image credit: Zimperium]