Install App Install App

New Stagefright hack bypasses security on millions of Android phones

An Israeli research team claims to have a new Stagefright exploit, which can hack your phone in a few minutes.

By Hardik Singh | Published 17 Mar 2016 16:25 IST
HIGHLIGHTS
  • An Israeli research team claims to have a new Stagefright exploit, which can hack your phone in a few minutes.

New Stagefright hack bypasses security on millions of Android phones

Stagefright hack, which was recently patched by Android and partner OEMs, is still a valid threat for unpatched devices. Israeli security researchers at Northbit, a security firm, claim to have further exploited that hack and have devised a method to hack any unpatched Android device. The group has successfully tested the exploit on a LG G3, HTC One and a Samsung Galaxy S5. Northbit has named the exploit Metaphor and published a PDF that gives full details of the exploit, its workings and how one can make it.

Northbit was also able to bypass ASLR (address space layout randomisation) that was re-introduced with Android Lollipop. The researchers wrote in the paer, “Although the bug exists in many versions (nearly a 1,000,000,000 devices) it was claimed impractical to exploit in ­the ­wild, mainly due to the implementation of exploit mitigations in newer Android versions, specifically ASLR” . 

"The team here at North-Bit has built a working exploit affecting Android versions 2.2 ­to 4.0 and 5.0 to 5.1, while bypassing ASLR on versions 5.0 ­to 5.1 (as Android versions 2.2 to 4.0 do not implement ASLR,"  the paper states. Northbit has shared a video showcasing how fast the exploit can hack a victim’s Android device.

Stagefright itself is a software library, which is coded in C++ and lives inside the Android ecosystem. It is used by Android to parse videos and other media. The Stagefright vulnerability was first cited in 2015 by Zimperium mobile security, and made about 95% of the Android devices vulnerable. Since then only a few devices have received software patches but a majority of Android devices remain vulnerable.

Hardik Singh
Hardik Singh

Email Email Hardik Singh

Follow Us Facebook Logo Facebook Logo

About Me: Light at the top, this odd looking creature lives under the heavy medication of video games. Read More

Tags:
Stagefright hack Northbit Metaphor
DMCA.com Protection Status