Team Clark is adamant that we will never write content influenced by or paid for by an advertiser. To support our work, we do make money from some links to companies and deals on our site. Learn more about our guarantee here.
New research has discovered that millions of Android users may be at risk due to a previously discovered vulnerability that was thought to have been fixed.
According to security research firm NorthBit, at least 275 million Android devices may be vulnerable to hackers. The group recently released a research paper explaining a new way to exploit a weakness in Stagefright, Android’s media server and multimedia library.
Read more: Android phones can be hacked with one simple text
According to NorthBit, if a user accessed a malicious website, the vulnerability could allow hackers to gain access to data and functions on the device. And while the original Stagefright exploit was described as the ‘worst ever discovered,’ this new one allows an attacker to hack Android smartphones in just seconds — by tricking users into clicking on a website that contains a malicious multimedia file.
Google has patched the vulnerability twice before, after originally being discovered in 2015.
NorthBit says hackers could effectively attack any device running Android versions 2.2 through 4.0, 5.0 and 5.1 — using the new exploit the group has named ‘Metaphor.’
Read more: How to fix a smartphone infected with ransomware
But while the risk arises when a user clicks on a page containing malicious multimedia, NorthBit says you don’t even have to watch the video to get hacked.
“The vulnerability is in media parsing,” according to the research. “Which means that the victim’s device doesn’t even need to play the media.”
Parsing is when the device retrieves information about the media file.
According to the study, the attack is most effective on Google’s Nexus 5, but it also works, with some modifications, on HTC One, LG G3 and Samsung S5.
“The victim also has to linger for a time in the attack web page,” NorthBit researchers wrote. “Social engineering may increase effectiveness of this vulnerability.”
The latest version of Android, 6.0 Marshmallow, blocks this vulnerability.
Here’s a video the group put together explaining how it works:
This post was last modified on March 22, 2017 3:53 pm
Deciding to save and invest are great habits. But once you check that box, your…
If you're considering subscribing to Fubo, you need to be comfortable missing out on some…
Are you looking for a way to earn 2% back on every purchase you make…
You're not alone if you're running a balance on your credit cards. Collectively, Americans are…
A big part of saving money comes down to knowing how to comparison shop. But…
If you work for a big company as a full-time employee, chances are you have…