The android users are facing to the capacities of hacking their devices at any time. Stagefright is one of the most terrible vulnerabilities in the history which was discovered in the Android operating system. With this vulnerability, the hackers can attack easily your devices remotely by sending a message or the link to the multimedia files (Mp3, Mp4,.)
Although Google and the manufacturers usually have released the patch updates more frequently, but a new generation of the stagefright has effects on a million smartphone in all over the world. This exploitation technique called the Metaphor stagefright.
Using the Android smartphone, you can be hacked in just 10 minutes
According to the video of illustration of the professionals in the mobile application development company, the Metaphor exploring technique can infiltrate successfully in the Nexus 5 in just 10 seconds. The other smartphone like S5, LG G3, and HTC 1 also can become the attack method easily that is very dangerous and sophisticated.
Specifically, the metaphors will exploit the vulnerabilities CVE 2015-3864 which surpass the ASLR (address – space layout – randomization) – a memory protection mechanism on the Android operating system as follows:
Step 1: Hacker usually cheats the users by logging into a malicious link, consisting of the error videos files to crash the multimedia software media server of the Android. Of course, the video players have to restart.
Step 2: when the media server restarts, the javascript on the website will send the information to the host device of the hacker.
Step 3: the host of the hacker will send back another video file that attaches the malicious malware with the purpose of exploiting the vulnerability on the device stagefright. After infiltrating successfully, the hackers have a full power to monitor and control the Android device.
Thus, with just a spam like with the multimedia content to stimulate the curiosity for the users to click (18+, advertisement...), the hacker will fish the ignorant. For the android users, the video player sometimes is crashed normally until they can discover the data or personal information stolen by the bad guys, it was too late.
To overcome this serious problem, google has released the security update, patching the vulnerabilities of the stage fright on the Android 6.0, as well as committing to updating for the older version of the Android regularly in the near future.
Reference: thehackernews
