Stagefright 2.0 is back and is affecting over 1bn Android smartphones

Stagefright is back among Android vulnerabilities: Stagefright 2.0 leaves over 1bn Android devices open to being hacked easily through remote code execution.

The Stagefright bug was first encountered in 2008, when a hacker could easily hack a device and gain access to internal resources and execution simply by exploiting the media-handling capabilities of Android devices. The first Stagefright bug enabled hackers to send an MMS message and take control of the device.


Stagefright 2.0 is no different and enables the hacker to take control of the device with the help of an MP3 or MP4 video.

Even older smartphones such as the Google Nexus and Samsung’s Galaxy S6 series are vulnerable to the Stagefright 2.0 bug. These smartphones had been cleared for the first Stagefright bug.

“Visiting a website and previewing an infected song or video file could enable the attacker to gain access to your mobile device and run remote code, in theory allowing them full access to your device enabling them to do whatever they wish … including installing other malware, or just harvesting your data for use in identity theft,” added Mark James, security specialist at ESET.

Zimperium, who discovered the first Stagefright bug, added:

“The first vulnerability (in libutils) impacts almost every Android device since version 1.0 released in 2008. We found methods to trigger that vulnerability in devices running version 5.0 and up using the second vulnerability (in libstagefright)”

The vulnerability is quite severe considering the fact that it can be exploited using just plain media files.

Google has already shown interest in solving the problem. Stagefright 2.0 has been acknowledged as a critical-severity issue and has already been solved in Google's labs.

It is only a matter of time before the updates roll out and fix the problem.

Stagefright 2.0 is more powerful than the initial Stagefright bug. The first Stagefright bug needed the victim's phone number for execution, but Stagefright 2.0 has no such information requirement.