Metaphor : This Remote Android Exploit Hacks Your Phone In 10 Seconds

A remote Android hacking exploit named Stagefright — also known as Metaphor — has arrived and because of it, millions of Android devices are directly under threat. If you are an Android user, you should be careful about it. Know how this works and how easily it can hack an Android phone in just ten seconds.
There are a series of simple steps that allow Stagefright to take control of an Android phone and they work something like this:
  • It tricks users into visiting a hacker’s web page.
  • The hacker’s web page contains a malicious multimedia file.
  • Once the user downloads the malicious multimedia file, it resets the internal state of the phone.
  • The attacker’s server then sends a custom generated video file to the affected device, exploiting the Stagefright bug to reveal more info about the device’s internal state.
  • Using the information sent by the exploit to the hacker’s server, a hacker is easily able to control your smartphone.
If you use a phone with Android operating system, you should think twice before visiting any fishy-looking websites. Even if they promise just cute kitten videos.

275 Million Android Phones Exposed to New Hack, Security Firm Says

Some 275 million Android phones are vulnerable to an attack that uses infected online video files to spy on the devices, according to a research paper by cyber security firm NorthBit.NorthBit, a security research-based firm, has claimed to exploit this remote Android hacking bug. However, NorthBit term this exploit as the “worst ever discovered”.

The attack works on Android versions 2.2 ­to 4.0 and 5.0 to 5.1

The attack works on Android versions 2.2 ­to 4.0 and 5.0 to 5.1, according to thehackernews.com.
As seen in the video NorthBit provided, all the user has to do is visit a website that contains an infected video file, although the victim “has to linger for a time in the attack web page,” the paper reads. That time can be up to two minutes, but it can also be just a few seconds.
The attack “works best on Nexus 5” with stock operating system. But after “[s]light modifications” it also worked on HTC One, LG G3 and Samsung S5. That is also the limitation of the attack—the infected website needs to be designed to hack the specific model and Android version the victim uses, which makes it less practical for hackers.
In any case, users of Android version 6.0 Marshmallow should be safe.

0 comments