Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
MORE THAN A BILLION Android devices are at risk from a flaw that can infect devices when they preview an audio or video file.
Mobile security company Zimperium Labs discovered two new vulnerabilities that could put these devices at risk. Called Stagefright 2.0, an attacker can use a specially-created MP3 or MP4 file to access an Android device’s code to track or take information or make changes remotely.
The same company discovered the original Stagefright bug and announced it back in July. That bug could see Android devices infected just by sending a text message to Google Hangouts or Messenger apps.
The issue lies with Android’s preview function, which processes the metadata within the files, and since Google Hangout and Messenger have been updated, the attack would be carried out through a web browser.
The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue. Since the primary attack vector of MMS has been removed in newer versions of Google’s Hangouts and Messenger apps, the likely attack vector would be via the Web browser.
The first vulnerability, found in the libutils code library, impacts almost every Android device as far back as 2008 while the second (libstagefright which is used to process media files) only affects those running Android version 5.0 and above.
However, there have been no examples where the flaws were exploited in public, and the details of said exploits have been kept private to prevent anyone from discovering it.
Zimperium Labs notified the Android Security Team of the issue back in August and an update has been shared with manufacturers. However, a fix for the second vulnerability hasn’t been provided yet.
While it is worrying that such flaws and vulnerabilities exist, the best way to keep yourself safe is to apply common sense when using your phone.
Always use approved apps, keep away from any sites or services that may look shady and don’t download content from unknown sources (for unapproved apps, you can check this by going into Settings > Security and making sure ‘unknown sources’ is turned off).
To embed this post, copy the code below on your site
People use Google Hangouts?
I love Google Hangouts. Its built in to all my friends phone, it’s free to use and it’s got a desktop version I can use at work so i don’t have to type on my phone.
When I was abroad I used it a lot for it’s free voice and video calls. The group calls especially were very useful.
Why wouldn’t you use it?
Best answer I can think of is my iPhone…
I have a potato here Paul. It’s nothing special but I have decided to put an “i” before it and a little logo of a half eaten apple. It’s yours for €800. Interested? Of course you are. Better get your tent out though cause the demand is huge!!!
You use Google Hangouts Brian?
Yes Paul I sure do. I find it very effective.
have your say