Newsletter
It was only a few months ago that we first heard of Stagefright and the dangers it possessed. This bug first flew into several media outlets and the consumer’s radar when it was revealed that hackers could use an exploit simply by sending over a text or MMS. This led Google and several of the Android smartphone manufacturers into a frenzy as they attempted to roll out a patch to secure consumer handsets from any attacks, but it seems we’re still far away from completely taking down the Stagefright bug. A new exploit was discovered and alerted to the public that hackers can use an exploit simply through the use of MP3 and MP4 embed file.
If you thought we were finally done with the Stagefright exploit, which was first picked up in the media this past July, you couldn’t be more wrong. With this bug, it doesn’t matter what version of Android you are running and the patches to solve this issue have yet to be released so we’re all potentially liable in receiving this vulnerability.This new exploit was discovered by Zimperium security in which they revealed that a hacker could use this Stagefright exploit by implementing a malicious program into either an MP3 or MP4 file.
Consumers wouldn’t even have to receive the file directly on their smartphones to become infected. Instead of hoping that an Android user downloads and opens the file to activate the Stagefright exploit, the hacker could embed the file onto a website. The user would only have to log onto a website for the exploit to trigger the MP3 or MP4 preview and thus infecting the device. Even furthermore, a public Wi-Fi network could be a host for an attack and release the virus onto anyone that happens to be connected on the public Wi-Fi network.
As of right now, there’s no fix for the bug. Google has stated that they are working on a patch to solve these latest vulnerabilities which will first be rolling out for Nexus smartphones this October 5. From there, users will have to rely on their manufacturers such as Motorola, LG, Samsung, and HTC to release a security patch for their line of devices.