Stagefright, Android’s playback feature, was attacked by malware across a large number of devices. The bug only required sending specially designed code to an individual phone in order to run that code, and it left almost a billion gadgets susceptible to online hacking.
“Stagefright” is the code name given to potential cyber risks that reside very deep within the Android OS itself. The idea is that video clips sent through the MMS (text message) service might hypothetically be used as the perfect avenue of attack through the libStageFright mechanism. libStageFright helps the operating system play MP4 video files, and plenty of text message apps, like Google’s Hangouts service, process the file instantly. This way, the file is ready for use as soon as the user opens it, and the hacking could occur without the user even knowing about it.
Although Google quickly released a patch for this particular weakness, Zimperium, the security company that discovered it, has since discovered two new problems in Stagefright that allow skilled hackers to take control of an Android gadget by delivering a specially crafted multimedia file to the user.
The new issues are caused by the way in which the operating system handles MP3 audio files and MP4 videos. One problem, found in the libutils library, affects almost all Android gadgets running any version of the system. Devices are at risk if third-party applications or vendor-installed programs use the affected functions. The other vulnerability, in the libstagefright library, might be used to trigger the first bug on more recent gadgets running Android 5.0 and later.
The specialists at Zimperium zLabs told the media that all Android products without Google’s patch have this hidden problem. For users, this means that a hacker can remotely run code on other people’s systems by delivering a harmful MP3 or MP4 file to them.
Unlike the previous Stagefright remote attack, which required sending a text message, attackers would now lure users onto a separate site that contains the dangerous multimedia file. The malicious aspect is that potential victims do not even have to open the file in question.
These weaknesses lie in the handling of metadata within the files, so just previewing the music or movie file can trigger the attack.
Although Google has acknowledged the existence of this problem, a complete countermeasure is not available yet. To make things even worse, once Google produces it, it could take a while for Android smartphone manufacturers to apply it, as was the case with the past Stagefright attacks.
The best approach for customers right now is not to open unknown multimedia files or links from questionable sources. This is not an ideal solution: good general security practice is valuable, but users still need immediate patches against direct attacks when they occur. Google, Alcatel and Samsung have released their patches for Stagefright, while HTC, LG and Sony said that they will be offering updates later this month.