Article Lead Image

New ‘Stagefright’ attack makes nearly every Android phone vulnerable to hackers

A patch is in the works.


Patrick Howell O'Neill


Posted on Oct 1, 2015   Updated on May 27, 2021, 9:22 pm CDT

Over one billion Android phones and other devices are vulnerable to a new attack allowing hackers to exploit the way Android processes multimedia, according to security firm Zimperium.

Dubbed Stagefright 2.0, the vulnerability centers around the way Android deals with the metadata of MP3 audio files and MP4 video files on malicious websites.

If a hacker successfully exploited the vulnerability, they could execute unauthorized code on a victim’s device.

Stagefright 2.0 affects “almost every Android device” from version 1.0 to 5.1.1, the latest release, according to Zimperium.

Even previewing the media files triggers the exploit. Google is scheduled to release a fix on Oct. 5, according to Computer World.

Zimperium also found the original Stagefright vulnerability earlier this year, an exploit affecting over 950 billion devices that allowed phones to be hacked with a single text message.

H/T Motherboard | Illustration by Max Fleishman

Share this article
*First Published: Oct 1, 2015, 1:12 pm CDT