Click to Skip Ad
Closing in...

The world’s biggest Android vulnerability just got even worse

Published Oct 1st, 2015 12:53PM EDT
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Sorry, Android users: News about the Stagefright vulnerability isn’t getting any better. Motherboard’s Lorenzo Franceschi-Bicchierai brings us word that Joshua Drake, a researcher at Zimperium zLabs, has found a new Stagefright vulnerability that lets hackers break into your phone just by tricking you into visiting a website that contains a compromised MP3 or MP4 file. And just like the first Stagefright vulnerabilities uncovered, this new one affects almost every Android device now in use around the world.

DON’T MISS: How someone acquired the Google.com domain name for a single minute

“I cannot tell you that all of the phones are vulnerable, but most of them are,” Drake explained to Motherboard. “All Android devices without the yet-to-be-released patch contain this latent issue.”

And sadly, there’s no guarantee that your phone will get this patch in a timely fashion given how fragmented the Android upgrade process is.

How does this vulnerability work? Basically hackers have to trick you into opening a webpage with a malicious MP3 or MP4 file on it — and you don’t even have to download the file to be affected by it, as just previewing the malicious audio or video file is enough to give the hacker access to your device.

To learn more about this major vulnerability, check out Motherboard’s full report here.

Brad Reed
Brad Reed Staff Writer

Brad Reed has written about technology for over eight years at BGR.com and Network World. Prior to that, he wrote freelance stories for political publications such as AlterNet and the American Prospect. He has a Master's Degree in Business and Economics Journalism from Boston University.