StageFright 2.0 : Billion Android Devices Vulnerable - A Few Thoughts..

Stagefright 2.0: Billions of Devices Vulnerable to Android Hack. Discover the impact of this major mobile security threat on Hackcave.net.

StageFright 2.0 : Billion Android Devices Vulnerable
Image credits: androidauthority

Introduction

In the beginning, there was phone and then it became smart, it could feel our gentle touch and it became human like -Android. For a time, it was all good. So many apps for anything like getting rid of mosquitoes, making your dog sleep and for apparently for everything not to mention the updates which gets sweeter every year,and above all.....

It is built on linux kernal they said..
It doesn't need antivirus they said..
It is more SECURE they said..
Gets fucked by StageFright Bug -They never said!   ;( 

And Somebody said Android is a big pile of code -I didn't gave a shit then.


BUT Now..

StageFright


Once again the android security is under question,thanks to Stagefright Bug 2.0 Well, StageFright Bug is a found to affect almost all versions of android,right from the 2.2 to 5.1 Lollipop,which accounts for nearly one billion Android smartphones and tablets. This vulnerability was found by Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. It was scarry as it could let hackers to hijack Android smartphones with just a simple text message !
The vulnerability exists in a core Android component called "Stagefright," which is a multimedia playback library used by Android to process, record and play multimedia files.

StageFright 2.0 !


This time it is even worse! According to the findings of Joshua Drake this vulnerability can be exploited in several other ways,not just hacking users through text message. This new flaw allows an attacker to hack Android smartphones just by tricking users into visiting a website that contains a malicious multimedia file, either MP3 or MP4.

Here is how it works..


Elder to first stagefright bug,both the newly discovered vulnerabilities also reside in the Android Media Playback Engine and affects all Android OS version from 1 to latest release 5.1.1. That's Awesome!

And the happy news is that merely previewing a maliciously crafted song or video file would execute the Stagefright Bug 2.0 exploit, allowing hackers to run remote codes on the victim's Android device. (Imagine you send your enemy a Justin Beiber Song link and ..BOOM! )

New Attack Vectors

No that isn't the worst Part: New Attack Vectors found.

Just like android apps and features,it's bugs also comes with choices and diversity. One can unleash hell in a droid by more than one ways,which are as below.
  • · Webpage
  • · Man-in-the-middle attack
  • · Third-party media player
  • · Instant messaging apps
As per Zimperium Blog an attacker could attempt local privilege escalation to take complete control of the device once hacked which is pretty great. I remember a quote:

“Google takes no responsibility to update customer devices and refuses to take responsibility to update their devices, leaving end users and businesses increasingly exposed every day they use an Android device.” (Terry Myerson,Windows chief )

Conclusion

And The Solution?(Apart from Ditching Your Android Device..) 

Security Update is expected on 5th October 2015,by google. Google has already shared vulnerability report and patches with OEM Partners on Sept. 10. So you might be receiving patches soon from your Android device manufacturer,if you are lucky. So you can test your patience before switching to windows phone or blackberry.  (Sorry iPhone I hate you more :P )

COMMENTS

Name

Ad Network,3,adb,1,adblocker,1,Adblocker alternative,1,Adobe Flash Zero Day,1,Adware,1,Android,2,Android Reverse Engineering,1,Android vulnerability,3,Anonymous,1,Anonymous Browsing,2,Apple Hacking,2,Arp Poisoning,1,authentication bypass,1,Automated Tank Guage,1,Automatic Footprinting tool,1,backdoor credentials,1,BadWinmail,1,Banking trojan,1,bcmon,1,Best Adblocker,1,Best free cloud storage,1,Best Password Manager,1,Best TOR Alternative,1,Best VPN Provider,1,best VPN Rating,1,Bettercap,1,Bettercap tutorial,1,BitTorrent,1,BitTorrent Protocols,1,Browse safely,1,Car Hacking,1,Carbanak,1,ChatGPT,1,CIA,1,Circuit Fingerprinting.,2,cleartext cloud API,1,CloudFlare,2,Cobalt Strike,1,Covert Pentesting,1,Cracking Encryption,1,Cracking HTTPS,1,crapware,1,Credential Stealing,1,Credentials Sniffing,1,CreeHack,1,CryptDB,1,cryptography,2,cSploit,1,CSRF,1,custom recovery,1,Cydia,1,cygwin,1,Cypher System,1,Data Breach,1,Data Exfiltration,1,DDoS,2,DDoS Attack,3,Decrypting Tor traffic,1,Deep Web,1,DEF CON 23,2,disk encryption,1,DLL Injection Attacks,1,Dnstool,1,download torrents directly,2,DrDoS,1,DriveDroid,1,DuckHunter HID,1,Elevation Of Privilege,1,encryption,2,Ettercap,1,Exitmap,1,Exploitation,2,Fanny Worm,1,Financial APT,1,Flash Alternative,1,Forgot Windows Password.,1,fraud,1,Free Cloud Storage,1,Free LastPass Premium,1,Free Uptobox Premium Account,1,Free VPN,1,Free Zbigz Premium Account,2,Freedom App,1,GasPot,1,GenAI,1,GitHub,1,Giveaways,4,Hack Android,3,Hack Android Games,2,Hack Android In-App Purchase Non Root,1,Hack Cave,18,Hack Clash Of Clans,1,Hack Email,1,Hack Outlook,1,Hack Subway Surfer,1,Hack WiFi Android Without bcmon,1,Hack Windows 10,1,hacking android,6,hacking android pattern lock,1,Hacking Android PIN,1,Hacking Android Through Sound Waves,1,Hacking Cloudflare,1,Hacking CryptDB,1,Hacking electronics,1,Hacking embedded systems,1,Hacking Fridge,1,Hacking Gmail,1,Hacking IoT,1,Hacking KeePass,1,Hacking News,3,Hacking PayPal,1,Hacking Refrigerator,1,Hacking Team,1,Hacking tools,3,Hacking Tricks Android,5,Hacking WiFi With Android,3,Hacking Windows,4,Hacking Windows Password,1,HardSploit,1,HID Attack,1,Homomorphic Encryption,1,Honeypot,1,HORNET,3,How to hack baby monitors,1,How to hack gmail?,1,How to hack IoTs,1,How to hack MAC OS X,1,How To Hack WhatsApp,1,how to install kali nethunter on any android device,1,How Tor Works,1,HTML5,1,ICS,1,Immobilizer,1,Increase Download Speed,1,Information Gathering,1,Install NetHunter,1,Install NetHunter for any Device,1,Internet Of Things,1,Internet Privacy,2,Introduction To Penetration Testing,1,iOS 9,2,iOS hacked,1,IoT,3,IoT Security Audit Tool,1,Jailbreaking,1,Kali Linux,2,kali linux nethunter for android,1,Kali NetHunter,4,Kali NetHunter Nexus 5x,1,Kali NetHunter Sony,1,kali nethunter windows installer,1,KeeFarce,1,Kemoge,1,LastPass Premium Giveaway,1,LastPass Premium Subscription 2016,1,lenavo,1,LinkedIn,1,Lizard Squad,1,Lizard Stressor,1,LLama3,1,LSE,1,Mabouia,1,Mac OS X Hacking,1,Malicious JavaScript,1,Malware,4,Man In The Middle Attack,4,MANA Wireless Toolkit,1,Megamos Crypto Transponder,1,MITM,5,Mount Manager Bug,1,Mozilla Firefox,1,MSOffice,1,Netflix,2,Netflix Stethoscope tool,1,NetHunter Devices,1,nethunter install guide,1,NetHunter Nexus 5x,1,NetHunter Tutorial Nexus 5x,1,nethunter tutorial pdf,1,Nord VPN,1,nsISpeculativeConnect,1,NTP Vulnerability,1,Offensive Security,1,Office Exploit,1,OLE,1,Onion Encryption,1,Onion Routing,1,OpenSource,2,Outlook Exploit,1,Overt,1,Penetration Testing,1,Penetration Testing Tutorial,1,Penetration Testing With KaliLinux,1,Penetration Testing With Metasploit,1,Pentest Report,1,Phases Of PenTesting,1,Phishing,1,PINlogger,1,Post Exploitation,1,PowerMemory,1,PowerShell,1,pre-fetch,1,Prevent In-App purchase hacks,1,Privacy,1,Private VPN,1,privilege escalation,2,Python,1,Quantum Cryptographic Communication,1,quantum physics,1,ransomware,2,read forbes with adblock,1,read toi with adblock,1,Reaver,1,Reflected File Download Vulnerability,1,Reflective,1,Reflective DDoS Attack,1,Remote Code Execution,2,Remote exploit,2,remove ads toi,1,RfA,1,RFD,1,RFID,1,RIFFLE Tor Alternative,1,RIPv1 Protocol,1,Root Nexus 5x,1,Rooting,2,Rootkit,1,Router Keygen,1,SCADA,1,SEA,1,Searchsploit,1,Security News,40,Security Tools,5,Selfhosted,2,Shodan,1,SilverPush,1,Sleepy Puppy,1,Smartphone Sensor hack,1,Smartphones,4,Smartphones hacking,1,soft and hard brick,1,speculative connect API,1,SpiderFoot,1,Sponsored,1,StageFright,2,StageFright 2.0,1,stethoscope tool implimentation,1,Stored XSS,2,StuxNet,1,Superfish,1,surveillance,1,Task hijacking Attack,1,TCP injection.,1,The Basics Of Penetration Testing,1,The Hacking Team,1,Threat Modeling,1,Tor,3,TOR Alternative,4,Tor Exit Relay,1,Tor Guard,1,Tor Hacked,3,torrent to direct converter,2,torrent to IDM,1,tow factor authentication,1,Trend Micro,1,Tutorial,11,TWRP,1,TWRP Nexus 5x,1,Types Of Pentest,1,Types Of XSS Vulnerability,1,uBlock,1,Unlock Bootloader guide,1,Unlock Bootloader Nexus 5x,1,unlock pattern lock android,2,User Focused security,1,VPN Reviews,1,Vulnerability,3,Vulnerability Analysis,1,Vulnerability scanners,1,What is Kali NetHunter,1,WhatsApp Encryption,1,WhatsApp Hacking,1,Whatsapp phishing,1,WhatsApp Vulnerability.,1,WikiLeaks,1,Windows Backdoor,1,Windows Debuggers,1,XcodeGhost,1,Xss,3,XSS Scanner,1,XTEA,1,Zbigz cookie generator,1,Zbigz premium account no survey,1,Zimperium,1,
ltr
item
Hack Cave | Hacks unveiled: StageFright 2.0 : Billion Android Devices Vulnerable - A Few Thoughts..
StageFright 2.0 : Billion Android Devices Vulnerable - A Few Thoughts..
Stagefright 2.0: Billions of Devices Vulnerable to Android Hack. Discover the impact of this major mobile security threat on Hackcave.net.
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGJ8VVlm08lVK8Sp5zIYf3VUg9YJI11IZOhC1wvUg22aH6eToplcn1tmTCNSFdykIxRseAb7wxIL9WZFsyVIjJyxQthYVlwbhtkxFmh0jT-1cjND4gMgiSsh44F5Aq5VrnYIA7Am_4c9kC/w640-h480/android+hack.jpg
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGJ8VVlm08lVK8Sp5zIYf3VUg9YJI11IZOhC1wvUg22aH6eToplcn1tmTCNSFdykIxRseAb7wxIL9WZFsyVIjJyxQthYVlwbhtkxFmh0jT-1cjND4gMgiSsh44F5Aq5VrnYIA7Am_4c9kC/s72-w640-c-h480/android+hack.jpg
Hack Cave | Hacks unveiled
http://www.hackcave.net/2015/10/stagefright-20-billion-devices.html
http://www.hackcave.net/
http://www.hackcave.net/
http://www.hackcave.net/2015/10/stagefright-20-billion-devices.html
true
398744729202641828
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content