HERZLIYA, Israel, March 21 (UPI) — Millions of Android phones are at risk due to an old vulnerability that was thought to be fixed.
Israeli-based NorthBit has released a new research paper explaining a new way to exploit a weakness found in Stagefright, Android’s media server and multimedia library.
If a user accessed a malicious website, the vulnerability could allow hackers to have access to data and functions on a various versions of Android.
Hackers could effectively attack devices running Android versions 2.2 through 4.0, 5.0 and 5.1, NorthBit said. The company has named its new exploit “Metaphor.”
The new attack is the most effective on Google’s Nexus 5 with stock ROM. It also works, with some modifications, on HTC’s One, LG’s G3 and Samsung’s S5, the company said.
Google has patched the vulnerability twice before, after security company Zimperium found the original Stagefright flaws in early 2015.
The exploit has two weaknesses, Northbit found.
It has to use a different code for each type of phone in order to hijack it, thus hackers would have to create multiple versions of “Metaphor” to utilize it on a massive scale.
Secondly, the latest version of Android, 6.0 Marshmallow, blocks “Metaphor.” Google’s more recent October patch can block it on some older installs as well.