Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

New Android Vulnerabilities Leave 1.4 Billion Devices Open to Hackers

by Elmer Montejo on October 02, 2015

The Stagefright scare for Android device users is not over yet, as researchers identify two more Stagefright-related vulnerabilities that could leave your Android open to hijacking.

Joshua Drake of Zimperium zLabs, the security researcher who first raised warning flags about the Stagefright vulnerabilities in July, has found two new other issues that could allow hackers to execute malicious code on your device. Zimperium researchers say the vulnerabilities affect at least 950 million Android users, but company founder and Chief Technology Officer Zuk Avraham believes that about 1.4 billion users could be affected.

Stagefright allows hackers to get into your phone by leading you to open a link to an MP3 audio file or an MP4 video file containing malicious code. The malware is injected into your mobile device the moment you preview or play the malware-infected media file or play it in a third-party multimedia player that uses your device’s libStageFright software libraries.

Your risk of being hacked increases when you and the hackers connect to the same local network, such as public Wi-Fi in a restaurant. In this case, the hackers don’t need to trick you into opening a website or file. They only need to intercept the unencrypted data to and from your computer and inject the malware into your device through that data traffic. Hijack complete.

Google has already offered patches to its device partner manufacturers based on Drake’s research and has been working with their partners to push out the updates as swiftly as possible. Nexus phoneowners can expect an update containing the patches for the new bugs on Oct. 5, according to a Google spokesperson.

Earlier this year, Drake found that attackers can infiltrate your Android device simply by sending a malware-bearing multimedia message (MMS) through such apps as Messenger and Google Hangouts. In some cases, the attack occurs instantly without your knowledge; in other cases, the attack is triggered when you look at the MMS even without playing the media file. Stagefright hackers can cover their tracks after successfully compromising your device, so you’ll have no way of knowing that you’ve been had.

To find out if your Android device is affected by Stagefright, run Zimperium’s Stagefright Detector app on your device. Make sure to apply security updates for your phone or tablet as soon as they’re available.

[Image credit: Zimperium]


Topics

Phones and Mobile, News, Mobile Apps, Android Apps, Blog


Discussion loading

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.