The days of cute kitten videos may be over for Android users if you have not paid attention to security updates. According to a recent study conducted by Northbit, a software research firm, some 275 million Android phones are vulnerable to an attack that uses infected online video files to spy on the devices.
The type of hack is referred to as Stagefright and first hit headlines in 2015. At the times, it was categorized as “worst Android vulnerabilities discovered to date.”
It works by luring the victim in via a carefully crafted web page or SMS, which contains a malicious MP4 video file. When the file is opened by the user it crashes Android’s multimedia system, forcing it to reboot. Once it has restarted, a malicious piece of code is then hosted on the device, which sends private user data back to the servers of the hacker.
The attack works on Android versions 2.2 to 4.0 and 5.0 to 5.1. The hack was successfully tested on the Nexus 5 with a stock operation system and, after slight modifications, it was successful on the HTC One, LG G3 and Samsung 5. That is also the limitation of the attack—the infected website needs to be designed to hack the specific model and Android version the victim uses, which makes it less practical for hackers.
For the full report Click Here.