Latest Stagefright ‘Metaphor’ Leaves Millions Of Android Devices Vulnerable

Latest Stagefright ‘Metaphor’ Leaves Millions Of Android Devices Vulnerable
Photo Credit: TechStage via Compfight cc

Updates are important for staying secured against dangerous attacks of bugs and malwares, especially if you are an Android user. Right now, more than ever, you should go for an update as there is a threat to Android devices: Stagefright.


Stagefright is the name for the software library used by Android to parse videos and other media. Once this is exploited it can be booby-trapped with malicious messages or make a website install and run harmful codes on vulnerable devices, reports The Register.

The latest successful exploitation of Android’s Stagefright bug has been done by a team of security researchers from Israel. The discovery can leave millions of devices vulnerable to attacks. NorthBit, the Israeli software research company, claims to be the one that has “properly” exploited the said Android bug – which is initially thought of as the “worst ever discovered.”

The research team has detailed their exploitation, which they are calling “Metaphor,” in a research paper. The researchers have also released a video showing the exploit running on a Nexus 5 device. The team also claims that it had successfully tested the exploit on a LG G3, HTC One and Samsung Galaxy S5.

Like us on Facebook

NorthBit co-founder Gil Dabah also told Wired that during their research they had “managed to get it [the attack] to the level of production grade, meaning that everyone – both the bad guys and good guys, or governments – could use our research in order to facilitate it in the wild.” They also said that by “using the same vulnerability, it is possible to gain arbitrary pointer read to leak back to the web browser and gather information in order to break the ASLR (address space layout randomisation).”

Meanwhile, The Inquirer adds that the exploit can be used against Stragefright on Android versions 2.2, 4.0, 5.0 and 5.1, which only leads to millions of devices being at risk. Originally, Gadgets 360 reports that the first Stagefright bug was first discovered in July by the Zimperium Mobile Security.

This has been fixed through a patch that was released by Google. However, it was far from decent, as security researchers have found several flaws in the said patch. Then, just this October, Stagefright 2.0 was detected and like the first one, a patch was also released for it and has left the search engine firm spooked even more so than the first one. The tech giant now has to deal with the recent Stagefright exploitation and the possible breaches and solutions that come with it. Good luck, Google!

Also Read: Hack Chromebook And Receive $100K Says Google

For more technology news, you can subscribe to our newsletter. If you are a social media junkie and would like to receive updates on your timeline, then you can also like us on Facebook or follow us on Twitter.