The number of exploits and security threats on the Android platform does not seem to be coming to an end anytime soon. A new StageFright exploit puts millions of Android devices at risk of being hijacked, leaving phones and tablets vulnerable to remote hacking. Bitcoin users should be especially wary of this exploit as it could their funds at stake. So far, no devices have been confirmed to be safe from harm, as security researchers exploited various phone models over the past few days.
Stagefright Exploit Is Worse Than Assumed
Although it is not the first time security researchers talk about the Stagefright exploit on Android, things have just taken a turn for the worse. Israeli security experts have thoroughly looked at this vulnerability, and by exploiting it by all means necessary, they were able to remotely hack just about mobile device running Android. When the exploit was first announced a while ago, it was immediately dubbed to be the “worst ever discovered”, and it looks like the full extent of that statement is becoming clear.
What is of particular concern to security researchers is how the Stagefright vulnerability can be modified to inflict even more damage. Any device running Android 5.0 or 5.1 – which currently represents 36% of all Android devices available – are vulnerable to remote hacking. Any device that does not have the most recent security updates installed could be a target for hackers. Keeping in mind how device manufacturers are not the fastest when it comes to rolling out OTA updates, it can take a while until devices are properly secured again.
Back in 2015, when Stagefright was originally discovered, up to 95% of all Android devices in circulation were vulnerable to this type of attack. As security experts tried to fix the security holes, the second iteration of this malware was released in October, and spread through infected video and audio files. Having a device vulnerable to remote code execution is never a good thing, and Google was quick to patch this new vulnerability as well.
However, Android users are not out of the woods just yet, as security researchers modified the Stagefright code and exploited devices running the popular mobile OS. As a result, any device running Android 2.2, 4.0, 5.0, and 5.1 is vulnerable to attack, whereas other versions are safe from harm. This still leaves millions of devices at risk, and users will have to wait for security updates from either Google or their device manufacturer.
Because of this exploit, it is impossible to gauge how many users have been infected at the time of publication. Considering how this newer version of Stagefright is based on Google’s security patch code, things aren’t looking all that great for Android users all over the world.
Bitcoin users should be extra vigilant as well, as this new vulnerability can put their digital wallets at risk. If an Android device with a Bitcoin wallet can be hacked remotely, the assailant could potentially retrieve all data needed to breach the wallet, including PIN codes and backup seeds. Always make sure to update the OS to the latest version, and never execute any file type provided by untrusted sources.
Moreover, a Stagefright infection on a mobile device with a Bitcoin wallet could put an end to privacy as well. Hackers would be able to obtain various types of information regarding the device owner, including their Bitcoin wallet address.
What are your thoughts on this new development in the Stagefright story? What can be Bitcoin users to do ensure their funds are safe? Let us know in the comments below!
Images courtesy of The Inquirer, Shutterstock