New researches have found out that a new massive security flaw is putting 95% of the Android users at risk, claiming that it is the worst Android vulnerability in the mobile OS history. A researcher from the security firm Zimperium called Joshua Drake, says that he has discovered the so-called Stagefright bug, and he claims that any Android device could be potentially hacked by the standard hackers, only by using a simple MMS message or a multimedia file. Once they've targeted the victim's phone or Tablet, the hackers would have full access to their camera, microphone, external storage, and even gain root access.

In order to deliver software updates, phone carriers and cellphone manufacturers would need to work together.

Advertisements
Advertisements

As far as it is known, no one has been affected by this bug, but it still represents one of the largest #Smartphone hacks so far, according to Zimperium. The vulnerability is particularly worrisome because a user could fall victim without doing anything at all - the bug triggers just by looking at it. Because the software framework is used for processing all types of media content, handsets can even be infected by landing on a website with embedded video content.

Another problem that includes this case is its inability to properly handle a malformed MP4 file, which leads to a bug that could be exploited. So, basically, Stagefright 2.0 represents this set of two vulnerabilities that display when processing specially crafted MP3 audio or MP4 video files, according to Zimperium. This bug can potentially have an impact on almost every Android device since version 1.0 released in 2008, to the latest 5.1.1 version.

Advertisements

The problem is that people with older Android devices that are no longer qualified for software updates, and users with Android handsets from makers who aren’t official #Google partners, won’t have any access to the patch at all. Google declares that it has taken immediate action and has sent a fix to protect the users, and it will be releasing a patch in this month's security update. Also, other Android partners, namely HTC, Blackphone, Samsung, Nexus and T-Mobile , have expressed active participation on any actions needed to ensure user safety.