Android by Google (Photo : REUTERS/MARK BLINCH)
Android Stagefright is back and security experts are warning that the 2.0 version can potentially compromise the security of more than one billion of active Android devices. If infected by the vulnerability, attackers can remotely execute malicious codes on targeted smartphones and tablets.
While there is no reported Stagefright 2.0 infection to date, Android device users are advised to exercise caution and to best protect their security it is essential to know what Stagefright is and how it operates.
Here are the must-know details:
What to watch for?
The first Stagefright was designed to gain entry via MMS sent to Android devices but this mostly has been resolved. Version 2.0 is cloaked this time as MP3 or MP4 files that unsuspecting users are lured to download.
But according to Android Central, security firm Zimperium, which detected the new vulnerability, has clarified that mere click on a sugar-coated link of preview of an infected file will open the door for attackers to do their job - execute the hidden malicious codes.
What Stagefright can do?
With the codes unpacked, attackers can remotely takeover or hijack a device. That would mean bumping off users from the driver's seat of a tablet or smartphone, effectively exposing their privacy and breaching their security.
Who are in danger of possible compromise?
As reported by ArsTechnica, over a billion Android devices are at risk. Practically no smartphone or tablet running on Android is safe as Stagefright is written to infect from Android 1.0 to Android 5.0 and up.
What to do to stay safe?
There are three things to do to keep out of trouble, Android Central said. First is to beef up mobile security by installing anti-virus apps and the use of two-factor authentication when logging in is surely a security boost.
It is prudent too to stay away from websites that offer free media file downloads. And if possible, users should keep to their private mobile connection - a Home Wi-Fi network or a cellular internet access. Public networks - cafes, bus stations and airport - are very much open to potential exploits.
Will a patch arrive anytime soon?
Zimperium has already alerted Google on the matter and the Android maker has set a security update in the coming days, ArsTechnica said. Note, however, that the patch will be absorbed first by Nexus devices and branded Android devices will need to rely on the updates that will be provided by handset manufacturers. While waiting, it's best to note and practice the safeguard tips mentioned above.
