New Stagefright exploit ready to spy on Android devices

Hexamob | Alberto Mulas 03/21/2016

Stagefright is a library written in C++ which is integrated into the Android operating system and allows you to assist the reproduction of audio and video content. We have inform you in recent months about Stagefright -thanks to the freedom granted by Android- and we know it can be targeted with different types of attack.

Google has resolved all known vulnerabilities that plagued the Stagefright library but a large number of mobile devices are still without any kind of protection. We are talking about all the Android devices that are no longer supported by their manufacturers and therefore never receive a security update.

Some medium-low-end devices, then, are born in the old sense when the operating system is in fact never updated. This means that any of the vulnerabilities discovered after the date of release of the Android mobile device in the market it may remain unresolved and could remain on your smartphone, in the phablet or tablet user forever. The technicians of Israeli society NorthBit have developed a new exploit code that exploits vulnerabilities of Stagefright already known and in particular the one named CVE-2015-3864 to run malicious code on the victim’s mobile device.

New Stagefright exploit ready to spy on Android devices 1

That’s why, Nexus devices are receiving a new update of the Android operating system security by Google. Usually the Mountain View giant releases an update per month for security since it showed the existence of dangerous vulnerabilities that threaten security, privacy and personal data of users. Just think of the Stagefright vulnerability that has plagued all Android devices, and allowed hackers to take control of smartphones coming into possession of user data. Exceptionally, this is the second update of March for Nexus devices, since BlackBerry Priv was the first device to receive the security update each month.

The design of the release of the second update stems from the fact that this new Stagefright exploit may allow attackers to enter the devices. It would have been a risk according to Big G, because the existence of this exploit has already been made public. If you are owners of Nexus devices should receive the update soon now or over the air, so with a simple notification in the status bar. As for smartphones and tablets from other brands, they will have to wait for April.

New Stagefright exploit ready to spy on Android devices