Just when people exhaled a breath of relief, another cyber security threat reared its ugly head in front of them. The threat online users are up against this time is called Stagefright. Ring any bells? Yes, it is an old vulnerability re-born with the same purpose of stealing your device’s data, hijacking the OS and destroying the device entirely.
A Little Background & Foreground
The threat was brought into light last year in the month of July. Stagefright – the vulnerability is as dangerous as it had been all along. A security research group from Israel had claimed that it had exploited the threat last year, which had provided Android users the opportunity to once again become worry-free about their online security.
However, what is very frightening today, after the re-birth of this threat, is that millions of Android devices are vulnerable against cyber criminals and surveillance agencies. There’s one more thing that would scare users even more – Stagefright exploit will allow a hacker to get control over your Smartphone in merely 10 seconds!
So How Does it Really Work?
Here’s how the exploit works:
Step 1: A user is tricked into visiting a malicious webpage that contains a video file. Upon playing that file, the Android mediaserver software is crashed, resulting in resetting its internal state.
Step 2: After the mediaserver is restarted, Javascript on the webpage sends info about the victim’s device over the internet to the attacker’s server.
Step 3: A custom generated video file is sent to the affected device by the attacker, exploiting the Stagefright bug to get more information about the Smartphone’s internal state.
Step 4: The acquired information is sent back to the attacker’s server to create another video file that embeds a payload of malware in it. Once it is processed, it gives the attacker complete access to the victim’s device – all within 10 seconds.
How to Avoid Falling Victim to the Stagefright?
Not falling into the trap of Stagefright exploit isn’t too difficult. All you have to do is avoid visiting web pages that are sent to you by sources you don’t trust. Even if you have visited a webpage and just realized that it seems a bit unsafe then it is still not too late; just close the browser tab and continue what you were doing before visiting that link.
By the way, Stagefright exploit is only dangerous for Android versions 2.2 to 4.0 and 5.0 to 5.1 and rest of the versions are safe from this vulnerability.
PureVPN
June 20, 2023
3 years ago
