It's back. Stagefright malware are two words that have plagued Android users for quite some time now, and every time it pops up, Google releases a patch to put it in its place. Everyone thought it gone after Google's most recent fix, but like a bad cold, it just won't go away.

The unfortunate news comes via a team of security researchers at Israeli firm NorthBit, who have developed a a proof-of-concept Stagefright exploit dubbed Metaphor, which proves that the Stagefright security flaw is still alive and kicking.

As mentioned before, the security flaw has been around for some time now. The key, however, is that while it is theoretically dangerous, due to the difficulty of implementing it on an Android device in a reliable way, it was never really risky in practice. Was.

Working on Android versions 2.2 through 4.0 and 5.0 and 5.1, as well as extending to customized Android variants found on phones like the HTC One, LG G3 and Samsung Galaxy S5, the researchers found that the exploit works by utilizing the back-and-forth procedure that gauges a device's defenses. If a user visits a website with a mlaciously designed MPEG-4 video, the attack will crash Android's media server, send hardware data back to the attacker, send another video file, collect additional security data and deliver one last video file that actually infects the device.

The process seems tedious, but the time it takes to work is faster than the time it takes to explain the process - clocking in at about 20 seconds on average.

However, researchers have discovered two weaknesses with the exploit. The first is that it requires a different code for each type of mobile handset, making  a universal exploit infeasible. The second is if you're running Android 6.0 Marshmallow or any other up-to-date OS version that's patched against Stagefright, then you're already protected.

Google confirmed as much in an emailed statement, saying, "Android devices with a security patch level of October 1, 2015 or greater are protected because of a fix we released for this issue (CVE-2015-3864) last year. As always, we appreciate the security community's research efforts as they help further secure the Android ecosystem for everyone."

The only caveat is that an Android user has to have Marshmallow or another up-to-date OS. Either way, if your device is relatively recent, then you're safe. On the other hand, if your phone is a somewhat outdated then you might be in a bit of trouble.

The proof-of-concept was documented by NorthBit here.

@ 2024 HNGN, All rights reserved. Do not reproduce without permission.