Stagefright 2.0: the worst of Android threats?

If security researchers discovered threats almost every week on all operating systems (Windows, Mac OS X, Linux, iOS, Android ... everyone is concerned), few security holes that may threaten all users of an OS. Yet this is what he might be going to all holders of a smartphone or Android tablet: Stagefright v2.0 can potentially concerns some 1.3 billion mobile users that make up the Google system .


Small return on version 1.0 of Stagefright
 There is a little over two months was found Stagefright, a security flaw discovered affecting Android devices. The threat, highlighted by Zimperium (a company specializing in security) can spread via a simple MMS and a multimedia file. Therefore, a hacker has the target phone number to infect and take control of his aircraft. In addition, the flaw only affects "only" 95% of Android devices (those who remained in a version prior to 2.2 the system are not affected)

.No need to MMS, everything is done on the Web
 With Stagefright 2.0, the threat reached a new milestone: it concerns not only all the devices from Android 1.0, but it has a new propagation method. Much less binding for the hacker, Stagefright 2.0 propagates effect via a simple Web page and metadata. The flaw actually operates two libraries included in all devices: libutils and libstragefright. The MP3 or MP4 file playback on the page (and infected with malware) allows an attacker to take control of an Android device.

An expected patch for October

Clearly, all the Android devices is potentially concerned. If Zimperium has released no proof of concept, the company accused Google of this threat on 15 August. A fix has already been found, which will be released in the update of Android in October. Finally, if a tool to detect Stagefright exists on the Google Play (Stagefright Detector), it does not yet support v2.0 of the threat. An update to the application is provided when Google will release its patch to Android.