The word that scared all Google users last summer is back and worse than ever. Stagefright, nicknamed by its founder Metaphor, is even more dangerous in its new version.
Much like its name’s meaning, Stagefright, hides deep in the Android library, unnoticeable to Android users as they watch videos of cute puppies and crafty DIY hacks, all the while exposing themselves to its vulnerabilities.
How many devices are affected?
Now in its second swing, these Stagefright vulnerabilities have already affected hundreds of thousands of Android devices through holes in the multimedia library. More specifically, they have even affected those who use versions 5.0-5.1 (23.5% of affected Androids) and some using versions 2.2 and 4.0 (unsafe due to old terminals that had been exposed to previous viruses).
Google fights back
After the bugs’ discovery, Google implemented a series of bug-fixes and other security measures, even creating its own group of vulnerabilities to counter the attacks. Upgrades and patches were set up to make it more difficult for Stagefright to infiltrate an Android in a real attack.
Unfortunately, Metaphor has been able to dodge these protection mechanisms that were added to the more modern versions of the Android. With this new exploit, as their own creators have shown, Stagefright can easily control devices as diverse and modern as the Nexus 5, Samsung Galaxy S5 UN, UN LG G3 or HTC One UN.
So, how exactly does Stagefright break in?
Sneakily. The user does not need to be using their smartphone during an attack, really. In the case of Stagefright, the attacker can gain access through a particular website (e.g. through a malicious video link received by email or MMS). In a proof of concept, an email with a corrupted video link promoting videos of kittens leads to a page actually containing this material. The recipient has no way of knowing, that while the video is rendering, their Android is also being attacked. It can take as little as 10 to 15 seconds for the cyber-criminal to have control of their victim’s terminal.
Metaphor’s strategy is not exactly new. It largely relies on the attacks that were released last summer, when the holes were first discovered. However, today’s danger lies in Stagefright’s ability to bypass ASLR, which is the barrier Google raised in all versions of Android after 4.1. The problem is that this new threat binds itself not only to older devices but also to more modern ones. Those who have Android´s Lollipop 5.1 are not even safe, representing about 19% of all of Android smartphones.
No matter what, the best way to protect your Android and all other risks associated with Stagefright is to keep your operating system as up-to-date as possible and install a good antivirus. If your phone has been left out of the recent updates, take caution: you should not browse pages unless they are fully trusted. Even those who promise photos of adorable and fluffy kittens.
A Logitech spokesperson has already claimed that the “vulnerability would be complex to replicate” and “is therefore a difficult and unlikely path of attack.” Despite that, the company has decided to develop a firmware update for the affected devices.
A closer look at the Locky ransomware
