Android Stagefright Hacking Threat Is Real, Cyber Security Firm Confirms

By Jenn Loro - 22 Mar '16 06:54AM

What was previously thought as theoretical security flaw in Android devices turned to be real after a cybersecurity consultancy firm  discovered the bug named 'Stagefright' last summer calling it as the 'mother of all Android vulnerabilities'. No white hackers have ever succeeded in executing the hack until now.

According to researchers and cybersecurity experts at NorthBit, they now managed to create a version of the said malware that enables hackers to gain access to Android devices.

As a matter of fact, NorthBit's bug version codenamed 'Metaphor' was 'a proof of concept Stagefright exploit' which they said was most effective on Nexus 5. The hack threat also extends to other Android phones like HTV One, LG G4, and the Samsung Galaxy S5 as reported by CBS News.

However, it is significant to note that the simulated attack was in a lab-controlled research experiment and hasn't happened yet. Now that the attack is more than just theoretical, the news is a heads-up to Android users, smartphone makers, and Android's owner, Google.

"The reason to keep researching this library is because it has proven to be very vulnerable in the past (multiple bugs and bad code), affects numerous devices and has many good potential attack vectors: mms (stealthy), instant messaging (automatic), web browser (minimal­to­no user interaction) and more," Hanan Be'er, a security researcher for NorthBit as quoted in a report by New York Daily News.

Google lauded the latest discovery. For its part, the Silicon Valley giant released an update last fall to provide users the best protection they could offer to Android users.

"Android devices with a security patch level of October 1, 2015 or greater are protected because of a fix we released for this issue (CVE-2015-3864) last year. As always, we appreciate the security community's research efforts as they help further secure the Android ecosystem for everyone," reads Google's official statement as mentioned in a report by Engadget.

Fun Stuff

The Next Read

Real Time Analytics