Jordan Gruskovnjak, a security researcher with Exodus Intelligence, has discovered that the Stagefright security patch that was released by Google is flawed. Google has released the patch for Nexus earlier this month and claimed that it had fixed the issue. He further went on to say that even the Stagefright Detector App can’t detect the flaw. The app was developed by Zimperium, who had first reported the Stagefright bug.
Exodus Intelligence has said, “Along with the initial bug report, a set of patches to stagefright flaws were supplied and accepted by Google. One of these patches, addressing CVE-2015-3824 (aka Google Stagefright 'tx3g' MP4 Atom Integer Overflow) was quite simple, consisting of merely 4 lines of changed code."
The researcher performed the test on an updated Nexus 5 with the help of an mp4 file. During the testing, the Nexus 5 crashed. Exodus Intelligence has said that they have notified the Google about the flaw and the internet giant has accepted it.
If you are unaware, the Stagefright bug affects the Stagefright multimedia player component and can affect any device running Android 2.2 (Froyo) or above. It lets the attacker to perform arbitary actions on the infected device. The dangerous thing is that the bug can be sent to any device simply by sending a malicious MMS file. Zimperium, the company who discovered Stagefright, has said that almost 50% of Android devices can trigger the vulnerability even without any interaction with the MMS, while the rest do so by simply opening the message. As for the numbers, approximately 950 million Android devices are vulnerable to the bug which comes out to be about 95% of the devices.
Stagefright bug is not the only threat Android users are facing, two researchers have recently revealed that hackers can remotely lift your fingerprints from Android devices.
You might also like to read: Is your Android phone data secure?