While we thought the flaw Stagefright permanently clogged after Google rolled out different patches, security experts of Israeli society NorthBit come to develop a new exploit called Metaphor, which assigns the same multimedia library that Stagefright
Metaphor. Stagefright is still exploitable
Stagefright vulnerability that affects Android smartphones is back. It is a variant of the original flaw discovered in the summer of 2015, but Metaphor is his name, always attack the same library of multimedia devices running the mobile OS from Google but from a slightly different way.
Stagefright, it was enough to send an MMS trapped to make the machine vulnerable and retrieve information. Metaphor works differently, using a malicious web page containing a video in MPEG-4 format. The user connects to it and, through this modified video, the hacker can retrieve the information in the terminal. The video does not even need to be viewed by the user. NorthBit explained that the device can thus be hacked in less than 15 seconds without the user noticing.
40% of Android devices are threatened
NorthBit the company claimed to have been able to use this vulnerability successfully on the HTC One, Nexus 5, the LG G3 and Samsung Galaxy S5. However, all devices are not vulnerable. Some manufacturers have installed protections against such attacks.
About 40% of smartphones running Android are concerned Metaphor, 31.6% of which run on the Lollipop release, the most widespread in actual hour. So for now this flaw has not yet been exploited, according NorthBit, the only way to protect yourself is to install the patches distributed by Google for Stagefright and its derivatives.
No comments:
Post a Comment