‘Stagefright’ Hack Puts Millions of Android Smartphone Users at Risk

‘Stagefright’ Hack Puts Millions of Android Smartphone Users at Risk

It is quite common that the smartphones and some other electronic devices often come across some vulnerabilities that might harm your device in a huge way. Android is the most popular mobile operating system which is being used by millions of smartphone users. Android users who had assumed that they were quite foregoing the hazardous ‘Stagefright’ with patches and updates from Google and smartphone manufacturers are in for a crash. The Stagefright vulnerability was discovered in the year 2015 and had put more than billion Android smartphones at jeopardy. However, the security team of Android and many smartphone manufacturers have issued patches and updates to decrease the risks.
Stagefright - Vulnerable Attack
It appears that these security updates and patches are of no worth to security researchers from Northbit have managed to represent a successful Stagefright exploit. The researchers have fortunately exploited the Android-based Stagefright bug, which places millions of Android devices in jeopardy of being hijacked, leaving numerous smartphones and tablets vulnerable to remote hacking. In a demonstration, the security researchers were capable enough to remotely hack a device with a Stagefright-based exploit.

Stagefright Vulnerability

An Israeli software security research company called NorthBit has, in a detailed research paper, revealed that it has exploited the dreaded Stagefright Android bug which has, in the past, put a billion user smartphones at risk. This vulnerable hack would let hackers obtain complete access to devices’ files, which they could duplicate or delete, as well as access to the camera and microphone.
In a video, the firm’s security researchers described the vulnerable hack using the Google Nexus 5 device and have successfully replicated the exploit on other devices that include LG G3, the HTC One, and the Samsung Galaxy S5. The security team was able to hack devices running Android 2.2, 4.0, 5.0, and 5.1 operating system. Fortunately, other versions of Android don’t seem to be affected by the vulnerable issue. According to the team, approximately 36 percent of 1.4 billion active smartphones running Android 5.0 Lollipop or v5.1 are vulnerable to hacking. In simple words, Android users who do not have the advanced and latest security updates are vulnerable to the hack.
Stagefright is a vulnerability in the software library, written in C++ programming language, that’s built into the Android operating system. The Zimperium researchers said it was responsive to memory corruption and when an MMS message containing a video was sent to the device it could if made in the right way can activate the malicious code and hijack an Android smartphone.

How does the Hack Took Place?

The security researchers have outlined a three-step process to hijack an Android device in the paper. Here is the step-by-step hacking process that put millions of Android devices at risk.

  • Firstly, a user is made to visit a specially-crafted web page that hosts a video file that is able to crash the media server software on the target device.
  • The video file then resets the media server software and waits for the device to restart.
  • Then, a JavaScript on the web page transmits the details regarding the device to the attacker’s server, which in turn generates another video file and sends it to the device.
  • It then draws more information such as the internal environment of the Android device.
  • Once this is done, another video file is sent to the victim’s handset, and executes a payload of malware, and starts spying.

Researchers say that the exploit attacks the CVE-2015-3864 bug in a “fast, reliable and stealthy” way by bypassing ASLR aka address space layout randomization, a mechanism that is designed to thwart exploit writers. In order for the security attackers to be successful in hijacking the device, they are required to perform a flow of operations.

Video: Stagefright Returns – 500 Million Android Devices at Risk

The first Stagefright bug was discovered by a security researcher in the month of July 2015 when it was revealed that the malicious vulnerability left up to 95 percent of all Android devices exposed to exploit.
The second critical vulnerability of the Stagefright bug was discovered not long after in the same year when a vulnerability could be exploited via an encoded .mp4 or .mp3 file sent using MMS. When these files were opened they were claimed to be capable of remotely executing malicious code. It was estimated that almost 950 million Android devices were left vulnerable to the bug.
Fundamentally, the exploit can be triggered just by visiting a malicious web page as the video shows below.

Watch the video below to see Stagefright being exploited on a Google Nexus 5:


Google, however, released a security patch for the malicious bug and assured regular security updates for Android smartphones following the publication of Stagefright’s details. However, it seems though that the company has not yet released patches for all versions of Android.

 

WARNING TECH GEEKS

YOUR INFORMATION IS EXPOSED

Your location is: Princeton, NJ

Your current IP address is: 2001:4455:2f7:b700:f880:7bad:b46b:1768

You can stream and download anonymously through your PC, Mac, Android, and iPhone through IP Vanish.

HIDE ME NOW
gdfg
Get 3-Months Free, 30-Day Money Back Guarantee

RECENT POST

laptop
Apps

5 Crucial Elements of Business App Development

The rise of business apps is still there, and no one can estimate when it will stop since the growth in recent years has been …

networks
Tech Tips

4 Ways to Identify Your Company’s Technology Needs

64% of SMBs use cloud technology for running their business more effectively. And that number is sure to continue increasing in the foreseeable future. 4 …

teamwork
Startups

8 Marketing Tips For Starting Businesses

If you run a small business, you will likely wear many hats, from sales to operations, marketing, and finance. You need to be able to …

B2B Technology

5 Ways to Build A Strong B2B Brand With Your eCommerce Business

To increase their B2B online turnover and at the same time compete against Amazon Business or different eCommerce leaders, companies need to improve the understanding …

Ways to tell if your Android Phone is hacked
Gadgets

7 Signs Your Android Phone Has Been Hacked—and What To Do if Your Android is Hacked

How to Tell if Your Android Phone Has Been Hacked Our smartphones are the center of our online lives. From everyday social media conversations to …

tablet
Culture

5 Easy Ways to Grow Organic Traffic

If you have a business, you must have a website. There’s just no getting around it. It’s the necessary bedrock for building an online presence …