New ‘Stagefright’ attack makes nearly every Android phone vulnerable to hackers

A patch is in the works.


Patrick Howell O'Neill


Published Oct 1, 2015   Updated May 27, 2021, 9:22 pm CDT

Over one billion Android phones and other devices are vulnerable to a new attack allowing hackers to exploit the way Android processes multimedia, according to security firm Zimperium.

Featured Video Hide

Dubbed Stagefright 2.0, the vulnerability centers around the way Android deals with the metadata of MP3 audio files and MP4 video files on malicious websites.

Advertisement Hide

If a hacker successfully exploited the vulnerability, they could execute unauthorized code on a victim’s device.

Stagefright 2.0 affects “almost every Android device” from version 1.0 to 5.1.1, the latest release, according to Zimperium.

Even previewing the media files triggers the exploit. Google is scheduled to release a fix on Oct. 5, according to Computer World.

Zimperium also found the original Stagefright vulnerability earlier this year, an exploit affecting over 950 billion devices that allowed phones to be hacked with a single text message.

H/T Motherboard | Illustration by Max Fleishman

Share this article
*First Published: Oct 1, 2015, 1:12 pm CDT