New “Stagefright” Hack Compromises 275 Million Android Phones
By Jose de la Cruz | Mar 21, 2016 10:04 AM EDT
A security firm has revealed that approximately 275 million Google Android phones are vulnerable to a newly created "Stagefright" drive-by attack that can install malware and take control of a phone's key operations.
According to researchers from Northbit, an Israeli security firm, a proof of concept called Metaphor is designed to work against Android versions 2.2 through 4.0, as well as 5.0 and 5.1. Together, those versions put 275 million smartphones at risk.
The attack targets the "Stagefright" media library, the same component that left approximately 950 million smartphones vulnerable to code-execution attacks in 2015.
However, the exploit has two primary limiting factors. The first is that the attack code has to be tailored to each specific phone model. This makes it harder for an attacker to deploy the malware on a large scale, since a different version has to be created for each model.
The second is that the attack is effectively blocked in the newest Android version, 6.0 Marshmallow, and Google stated that it released a security patch in October 2015 that protects previous versions.
There is one more thing: according to Ars Technica, upgrading to the latest OS is not easy, and updating some Android phones may not be possible at all. The best security measure is therefore still the most tried and tested one: do not click on unknown web addresses from unverified sources.
"They've proven that it's possible to use an information leak to bypass ASLR," Joshua Drake told Ars Technica. He is the vice president for platform research and exploitation at Zimperium, a mobile security service provider.
"Whereas all my exploits were exploiting it with a brute force, theirs isn't making a blind guess. Theirs actually leaks address info from the media server that will allow them to craft an exploit for whoever is using the device," he added.