PO Box 4206, Ainslie, ACT, 2602

Android Users Beware, StageFright 2.0 is Waiting

We posted back on Technology News July 2015 that a Security Research firm, Zimperium had found a way to send a simple text that could help take over the victims Android device.

Introducing Stagefright 2.0

Two major vulnerabilities have been discovered in Google’s Android mobile software by this very same security company and made a post about it on Thursday. Not only that, but several other bugs discovered by the security researchers pose a danger to every active Android device out there.

The two new bugs, which can expose people with Android-powered smartphones and tablets to attacks by malicious hackers, are the latest vulnerabilities that have come to be known as Stagefright. The previous reported bug we talked about back on Technology News July, was just the tip of the ice burg and they now found the problem is broader than originally thought.

More than a billion Android smartphones and tablets are at risk of being compromised by the new bugs if their owners even just preview video or audio files that have been created to exploit the vulnerability.

The first of the bugs has the potential to impact almost every Android device going back to version 1.0 of the software, released back in 2008. The second bug can be used to target all devices running later versions of Google’s software, Android 5.0 and up. Google next week plans to release Android 6.0 or the new treat name – Marshmallow.

In zLabs blog post, they describe how Android users are attacked.

The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue. Since the primary attack vector of MMS has been removed in newer versions of Google’s Hangouts and Messenger apps, the likely attack vector would be via the Web browser.

  1. An attacker would try to convince an unsuspecting user to visit a URL pointing at an attacker controlled Web site (e.g., mobile spear-phishing or malicious ad campaign).
  2. An attacker on the same network could inject the exploit using common traffic interception techniques (MITM) to unencrypted network traffic destined for the browser.
  3. 3rd party apps (Media Players, Instant Messengers, etc.) that are using the vulnerable library.

zLabs reported their findings on August 15 to the Android Security Team who got to work immediately to fix the problem.

We would like to thank Google for their cooperation for promptly including the fix in the upcoming Nexus Security Bulletin scheduled to be released next week.

– zLabs

Now the only thing that remains is pushing out the fixes to consumers, and in a quick amount of time.
As stated in our previous report,  Android relies on Wireless Carriers (Telstra, Optus) and Phone Manufacturers (Samsung, Sony) to send the Security updates to secure consumer devices, but they take too much time dealing with it.
Google Nexus users are guaranteed an over-the-air update while Google have shared the details to the other manufacturers and carriers to see them push the update ASAP.

Android users, get the updates as soon as you can!

Comment & Share Below.