A massive security flaw dubbed Stagefright (illustrated) has returned for a third time. The newest version, also referred to as Metaphor, tricks a user into visiting a hacker's web page, containing a malicious file that infects a phone. Since it was

A software research firm has determined at least 275 million Android phones are vulnerable to attack through infected videos.

With certain variations, the user does not even have to watch a video, according to NorthBit, which conducted the research and released its study March 13.

“The vulnerability is in media parsing,” according to the research. “Which means that the victim’s device doesn’t even need to play the media.”

Parsing is when the device retrieves information including the video length, artist name and title.

The study looked at Android versions 2.2 to 4.0 as well as 5.0-5.1. The attack works best on Nexus 5 but was also tested on HTC One, LG G3 and Samsung S5, although modifications were needed for the exploit to work.

“The victim also has to linger for a time in the attack web page,” NorthBit researchers wrote. “Social engineering may increase effectiveness of this vulnerability.”

The software research company put together a video showing how it works.

 
 
 
 

Subscribe to comments feed Comments (0 posted)

total: | displaying:

Post your comment

  • Bold
  • Italic
  • Underline
  • Quote

Please enter the code you see in the image:

Captcha