Stagefright 2.0 Hack Threatens 1 Billion Android Users: Here’s What You Should Know

Impact

An Android device virus called Stagefright 2.0 is threatening over 1 billion smartphones, tech security company Zimperium Mobile Security reported Thursday. Experts indicate that hackers will be able to access users' private data and even control the phone once infected. The upgraded bug comes in the form of an MP3 or MP4 media file that can immediately attack a phone after the MP3 file is played.

Zimperium has been tracking the vulnerability since it was discovered in April. It has now reported the bug has taken on a new form when inside audio and video files. Android updated its devices with security measures and patches after the first Stagefright virus, which infected users in the form of an MMS message, but that technology won't protect devices from getting hit with the latest version, according to the Mirror.

According to Zimperium Security, hackers can access any aspect of a user's phone infected with Stagefright 2.0. Their company blog states: "The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue. Since the primary attack vector of MMS has been removed in newer versions of Google's Hangouts and Messenger apps, the likely attack vector would be via the Web browser."

How it works: According to Zimperium, the virus initially will attack an Android user after he or she clicks on an MP3 or MP4 file containing the bug. "An attacker would try to convince an unsuspecting user to visit a URL pointing at an attacker controlled website." A hacker can simply infect the device by lacing Stagefright 2.0 through an unencrypted network or any 3rd party apps. 

What's being done: Zimperium immediately notified Google, along with the Android Security Team, of the Stagefright 2.0 bug. Google has also included the virus in its Nexus Security Bulletin, scheduled for release next week. Zimperium writes, "As more and more researchers have explored various vulnerabilities that exist within the Stagefright library and associated libraries, we expect to see more vulnerabilities in the same area."