• Home
  • News
  • Reviews
  • Digital technology
  • Cloud
  • Data analytics
  • Digital leaders
  • IoT
  • Opinion
  • Events
  • Resources
  • SMB Spotlight
  • Newsletters
  • Sign in
  • Events
    • Follow V3 Events

      Sign up to receive email alerts about our events

      Sign up
  • Resources
    • V3resources 120x194
      Network Security Forensics For GDPR Compliance

      An effective network security forensics strategy can assist an organization in providing key compliance-related details as part of any post-incident GDPR investigation.

      Download
      V3resources 120x194
      10 ways to increase productivity with managed Office 365

      For businesses large and small, relying on a cloud-based collaboration and productivity suite such as Microsoft Office 365 is becoming the norm. Enhancing productivity in your organisation is vital to get ahead in 2017 - and using Office 365 can help, if it's used right...

      Download
      Find resources
      Search by title or subject area
      View all resources
  • SMB Spotlight
  • Sign in
  •  
    •  

      You are currently accessing V3 .co.uk via your Enterprise account.

      Personalise your on site experience

      Download and use the apps

      Access your subscription from outside of the office

      Get relevant news and insight straight to your inbox

      • Sign in
     
      • Newsletters
      • Account details
      • Contact support
      • Sign out
     
  • Follow us
    • RSS
    • Twitter
    • Newsletters
    • Facebook
    • YouTube
  • Register
  • News
  • Reviews
  • Digital technology
  • Cloud
  • Data analytics
  • Digital leaders
  • IoT
  • Opinion
 
  •  

    You are currently accessing V3 .co.uk via your Enterprise account.

    Personalise your on site experience

    Download and use the apps

    Access your subscription from outside of the office

    Get relevant news and insight straight to your inbox

    • Sign in
 
    • Newsletters
    • Account details
    • Contact support
    • Sign out
 
V3.co.uk
  • Security

Stagefright 2.0 Android flaw leaves a billion users open to attack

Latest malware bypasses Google patches to attack web browsers

Stagefright Android
Stagefright 2.0 Android flaw could leave up to one billion users open to attack
  • Jason Murdock
  • Jason Murdock
  • @Jason_A_Murdock
  • 02 October 2015
  • Tweet  
  • Facebook  
  •  
  •  
  • Send to  
0 Comments

Two new Stagefright vulnerabilities have been uncovered in Google's Android software which potentially leave up to one billion users at risk, according to security researchers at Zimperium Labs.

Stagefright 2.0 can allow hackers to remotely compromise mobile and tablet devices running Android and is triggered by specially crafted MP3 audio or MP4 video files.

The first new vulnerability, found in the ‘libutils' library and assigned CVE 2015-6602, affects every Android version since 1.0, released in 2008.

However, the researchers also discovered that a second security flaw in ‘libstagefright', a library used by Android to process media files, affects all devices running version 5.0 and up.

Zimperium explained that the attack style has changed since the first iteration of Stagefright. "The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue," the team said.

"Since the primary attack vector of MMS has been removed in newer versions of Google's Hangouts and Messenger apps, the likely attack vector would be via the web browser."

The researchers warned that the flaw can also allow hackers to launch man-in-the-middle attacks and intercept communications on a network.

Google told V3: "As announced in August, Android is using a monthly security update process. Issues, including the ones Zimperium reported, will be patched in the October Monthly Security Update for Android rolling out 5 October and will be posted about on our blogs."

The original Stagefright was fully disclosed in August by Joshua J. Drake, vice president of research at Zimperium, and affected up to 950 million devices.

Following the discovery, Google, Samsung and LG started rolling out patches in an attempt to fix the Stagefright flaw.

Mark James, IT specialist at security firm ESET, explained that the new variant of Stagefright contains some key differences.

"The first version of Stagefright required some information, namely your mobile number, to be able to send the text message to your device," he said.

"This new version does not need to know any of your information to be successful; merely visiting the website and previewing the malicious file could trigger the use of the vulnerability.

"There are so many methods used these days for infecting the unsuspecting end user that you must think twice before clicking that link. We all know there is nothing for free in this world. Everything comes at a cost and your private data is worth a lot more than a free music or video file."

  • Tweet  
  • Facebook  
  •  
  •  
  • Send to  
  • Topics
  • Security
  • malware
  • Android
  • Google

V3 Latest

MPs demand answers from TSB over online banking 'meltdown' following platform migration
MPs demand answers from TSB over online banking 'meltdown' following platform migration

TSB IT fiasco has "all the hallmarks of an IT meltdown", claims Treasury Committee chair Nicky Morgan MP

  • Communications
  • 24 April 2018
Apple and Ireland tax appeal to take place in September
Apple and Ireland tax appeal to take place in September

The first appeals over Apple's Irish taxes will take place in the autumn, confirms Ireland's finance minister

  • Government
  • 24 April 2018
German flying taxi firm headhunts Mini designer Frank Stephenson
German flying taxi firm headhunts designer of modern Mini and Fiat 500

Stephenson will design the inside and outside of the futuristic Lillium jet.

  • Strategy
  • 24 April 2018
Facebook publishes new content guidelines
Facebook publishes new content guidelines

The new policy is aimed at making the social network a safer place

  • Social Networking
  • 24 April 2018
Back to Top

Most read

Citrix launches lawsuit against Workspot over claims of patent infringement
Citrix launches lawsuit against Workspot over claims of patent infringement
 china-map-flag.jpg
China's Great Firewall: How it works and what it reveals about China's plans
Apple and Ireland tax appeal to take place in September
Apple and Ireland tax appeal to take place in September
Facebook publishes new content guidelines
Facebook publishes new content guidelines
German flying taxi firm headhunts Mini designer Frank Stephenson
German flying taxi firm headhunts designer of modern Mini and Fiat 500
  • Contact
  • Marketing solutions
  • Enterprise IT Events
  • About
  • Terms & conditions
  • Privacy policy
  • RSS
  • Twitter
  • Newsletters
  • Facebook
  • YouTube

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017