Having Stagefright could be fatal.
No, not the fear of appearing on a stage in front of a crowd, the security flaw which could leave Android devices susceptible to an attack. Initially, the flaw wasn’t thought to be a major threat to devices, but researchers at Northbit have discovered a fairly simple way to optimize the flaw and have released a lengthy report on their findings.
“This research shows exploitation of this vulnerability is feasible. Even though a universal exploit with no prior knowledge was not achieved, because it is necessary to build lookup tables per ROM, it has been proven practical to exploit in the wild,” the report summarizes. “Our exploit works best on Nexus 5 with stock ROM. It was also tested on HTC One, LG G3 and Samsung S5, however exploitation is slightly different between different vendors. Slight modifications were needed.”
Researchers developed a system in which Android phones can be compromised.
The key is a back-and-forth procedure that gauges a device’s defenses before diving in, reported Engadget. A user needs to only visit a website with a maliciously-designed MPEG-4 video and the attack will crash Android’s media server. Once that task is carried out it will send hardware data back to the attacker, send another video file, collect additional security data and deliver one last video file that actually infects the device.
Researchers said it is too difficult to determine just how many devices could be vulnerable.
Google, however, has stated devices which have updated security patches dating from Oct. 1, 2015 or beyond are protected from the vulnerability.