Playing MP3 and MP4 files puts your Android device at risk

Researchers from Zimperium found a new threat for Android devices and they are dubbing it Stagefright 2.0. According to the security specialists, this new vulnerability affects over 1 billion smartphones and tablets from all over the world and is related to the way the mobile operating system processes the metadata from MP3 songs and MP4 videos. Hackers can set up bogus webpages, dupe their victims into visiting them, then exploit the vulnerability and open the way for remote code execution. As far as the researchers can tell, every device that runs Android versions between 1.0 and 5.1 (so all of them) are susceptible to this kind of cyber attacks.

As a heads up, the security researchers from Zimperium are the same ones who, a few months ago, discovered the critical flaw named Stagefright, which allowed attackers to hack your phone with one simple MMS. The newly found vulnerability is located in an Android library named libutils. Since the previous attack method (MMS) has been closed off, this time attackers have to trick the users into visiting a malicious webpage. They do this by sending the malicious links via emails or instant messages and even through compromised ads which appear in legitimate apps or on regular websites.

The researchers have reported the flaw to Google on August 15th and a patch is set to arrive on October 5th as part of the regular Android security update. Additionally, the company plans to add the ability to detect exploits for this vulnerability to its free Stagefright Detection app so you will soon know for sure if your device is secure or not.

Comments