Home / Lifestyle / Mobile / Almost every Android handset vulnerable to new Stagefright 2.0 bug

Almost every Android handset vulnerable to new Stagefright 2.0 bug

As much as it can often be handy to use the most popular technological platform as it tends to get plenty of updates and support from various sources, the downside is that it's more prone to attacks. As Apple devices have become more common place in the past decade, we've seen an upswing in infections and a drop in “it doesn't get viruses” claims. The same is true for Android, as once again within just a couple of months a nasty vulnerability has appeared that can affect just about everyone.

More than a billion android handsets and tablets are thought to be vulnerable to the new Stagefright 2.0 exploit, which uses the Android media preview feature to infect a device. All a user has to do is begin to preview a song or video created by nefarious individuals to give them access to your device, letting them steal data or install malicious software.

mobile-phone-791644_1280
Source: Pixabay/KaboomPics

“The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue,” researchers at Zimperium Labs said. “Since the primary attack vector of MMS has been removed in newer versions of Google’s Hangouts and Messenger apps, the likely attack vector would be via the Web browser.”

Google has announced updates for its devices which will be released on 5th October, however other device makers haven't been quite so quick off of the mark and have been encouraged to quickly fix the flaw, as it has the potential to impact millions of users. Considering some still haven't updated themselves to protect against the original Stagefight bug, discovered back in July, this latest addition makes people doubly vulnerable.

Discuss on our Facebook page, HERE.

KitGuru Says: As much as those update-push cards are irritating, run your updates people, it's the best way to stay protected.

Become a Patron!

Check Also

Pokémon TCG Pocket

Pokémon TCG Pocket has already surpassed 60 million downloads

A little over a month since its release, the free-to-play Pokémon TCG Pocket has surpassed 60 million total downloads across iOS and Android.

6 comments

  1. I will NEVER understand why people don’t like updating. I commonly see people worried about Windows 10 not allowing you to stop automatic updates (which you CAN), when most of those are security updates or improvements to some sort of functionality… why do people like it just deny the fixes software publishers put out? Because of the off-chance that it introduces a new bug? I don’t get it!

  2. People are stupid… I think its as simple as that.

    Back in the days of win 7 I would be “fixing” friends slow and virused computers. Windows updates disabled on every one and was never updated manualy since the day they bought it.
    Some didn’t know it existed, others were convinced it made the computer slower and intentionaly dissabled them….

  3. Back in the days of XP, some windows updates cause BSOD and other unpredictable things to your PC. It’s like MS is letting the users beta test their updates. It is never advisable to turn on automatic updates for all updates even the non-critical ones. I have never turned on automatic updates from XP to windows 8.1 What I do is wait for service packs.
    The problem with windows is there a lot of combination of hardware that sometimes the updates MS does conflicts with the drivers. They can not possibly test the updates/fixes on all of the combination of hardware. In windows 8 the OS is different that there is modularity in the system. Notice that you can restore to factory settings or reset the OS without affecting your data. It makes updating windows safer.

    In iOS it is different. The hardware is the same so issuing updates to patch vulnerabilities won’t necessarily brick your phone/tablet or whatever. So any update made and tested by apple would not cause problems and would work with all ios devices.

    In android, the oem partners (sony,lenovo) gets the update and tweaks it to work in their specific device.

    Even so, in android/ios you are still prompted to update your device and not forced to update your device automatically.

    Nothing beats common sense and vigilance. If you go to websites that are ‘shady’, if you click links and run apps that you don’t know,you are most likely going to cause a security breach.

  4. For the functionality improvements: If it works don’t fix it. If you don’t need the aditional functionality you don’t need to update it And some updates do actually break the app. You can read a lot of reviews of users on a lot of apps in google play for example.

    For critical security updates: not all users are computer/technologically savvy. They just don’t understand it so they don’t bother.

    Some just can’t update because their devices are too old and new OS versions are not compatible with their device.

  5. last tuesday I got a top of the range Honda from earning $16020 this last four weeks and also ten-k last-month . this is definitely the coolest work I have ever done . Without any question it’s the most financially rewarding Ive had . I started this 4 months ago & practicaIIy straight away began to bring home over $97 p/h .Visit weblink to start immediately.
    ..y3g…
    ➤➤➤➤ http://GoogleExtraPayingTopJobssuperiorEmploymentProjects/Get/Start/Today… ✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱✱

  6. A lot of people don’t like automatically updating their systems because Microsoft is famous for messing up and/or bricking computers with some of their updates, not to mention sneaking intrusive features and data onto people’s systems without their knowledge. That is why some people are wary of updating, especially until they get the news that it won’t screw things up, or doesn’t contain something that they don’t want on their system. The first time your system gets hit with a funky update that makes it unstable or slow to a crawl (or dumps a bunch of private info on someone’s server), you might feel a little differently about it. Not to mention that what Microsoft considers an improvement in functionality, others might consider total crap (which is more likely than not).
    Unfortunately, Microsoft has done, and is doing, a lot of things that has really degraded people’s trust and respect in them (and rightfully so). Many people just don’t trust them or their intentions anymore, and are therefore wary of what they might try to sneak into a simple update. It’s a product of their own doing. The most recent of a long line of decisions that have hurt their reputation and image as a company are: Intrusive telemetry features, renting their office suite to people, locking BIOS’s, locking OS to the motherboard, storing encrypted keys on their servers, feature creep, using people’s systems as their own personal server system to send and receive data (such as the OS itself), which runs peoples electric bills up, eats away at their data caps, and reduces the expected life span of the machine(and all without most people knowing it).
    If they hadn’t screwed up so much in the past (and present) and done so much to degrade their customers trust in them, they probably wouldn’t have so many problems with people updating, but they have, and because of that people don’t.