Android users all over the world have been the target of many dangerous types of software over the past years, and there is no end in sight just yet. One of the latest exploits plaguing the Android ecosystem is a new version of the Stagefright bug. Unfortunately for Android users, this latest iteration of Stagefright exploits a vulnerability in MP3 and MP4 files, both are oftenly used media types on mobile devices these days.
Also read: There Is No Bitcoin Ban In Mexico
Stagefright 2.0 Makes Android Devices Vulnerable To Attack
Once an Android device is infected with the Stagefright 2.0 bug, attackers can use this vulnerability execute code. Various use cases can be found for executing third-party code, including the logging and stealing of usernames and passwords, obtaining Bitcoin wallet seeds, and even accessing photos or messages.
To make matters even worse, it is impossible for an everyday user to tell whether or not their device has been infected. Similar to the first version of Stagefright, Android users could be infected without even noticing it, as malicious MP3 and MP4 files behave like they always would. A remote code execution is triggered once a malicious file has been opened, which then opens the door for hackers to remotely execute operations on the Android device.
It is impossible to predict what kind of remote code would be executed through the Stagefright 2.0 bug, but the potential ramifications can be quite severe. Installing malware would be the last of one’s worries, considering this exploit can also be used to commit identity fraud or even long-term piracy invasion.
Despite Google’s best efforts to patch the first iteration of Stagefright, this latest version is even putting patched users at risk. The second vulnerability has been confirmed viable on Android versions 5.0 and upwards, as well as targeting all versions since 1.0. Google has rated Stagefright 2.0 as “Critical Severity”, and a patch is being developed as we speak.
Bitcoin Wallets Could be A Potential Target
As long as the potential impact of Stagefright 2.0 remains unclear, it seems safe to assume Bitcoin users could be a potential target of this exploit. There are a few dozen Android Bitcoin wallets in existence, and executing remote code could copy sensitive Bitcoin information on the device to an attacker. Considering everything remotely executed is going in the background, the user wouldn’t even notice their funds being stolen in front of their own eyes.
Most mobile Bitcoin wallets store the necessary recovery data and private key on the device itself, which is one of the most secure solutions for giving users full control over their wallet; However, exploits such as Stagefright 2.0 make even that solution look like a security risk, albeit the mobile wallet developers are not to blame by any means.
What are your thoughts on Stagefright 2.0; and which precautions are you taking to protect your Android device from infection? Let us know in the comments below!
Source: Wired UK
Images courtesy of Wired, ShutterstockShow comments