Google has been battling the Stagefright bug for a while now on Android and while it seemed to dip back into the shadows for a while, it seems to have jumped back into the spotlight this week thanks to a new exploit. According to security firm, Northbit, a new attack known as ‘Metaphor’ can allow a hacker to remotely access a few devices including the LG G3, HTC One, Samsung Galaxy S5 and the Nexus 5.
The research group tested the exploit on those devices and went on to note that it can be used on Android 2.2, 4.0, 5.0 and 5.1 so quite a few devices could potentially be at risk without a security patch.
Speaking with Wired, the researchers said: “Our research managed to get it the attack to the level of production grade, meaning that everyone – both the bad guys and good guys, or governments – could use our research in order to facilitate it in the wild. We managed to exploit it to make it work in the wild. Using the same vulnerability, it is possible to gain arbitrary pointer read to leak back to the web browser and gather information in order to break the ASLR (address space layout randomisation).”
KitGuru Says: Google has been focussing more and more on keeping Android secure in recent times so now that this exploit has been brought to attention, we will likely see it fixed fairly quickly.