Table of contents:
Losing control of your Android smartphone in just 15 seconds is not only scary, it could actually happen. The Israeli technology and security company Northbit has created a malware known as Metaphor to verify that it is possible to take control of an Android device in just 15 seconds, due to a new security breach in the operating system.
The weak point of Android known as Stagefright "" discovered months ago "" is again in the news because it could allow the entry of viruses such as Metaphor , which affect phones with the Android operating system, from version 2.2 to 4.0, and also to Android Lollipop 5.0 and 5.1. In fact, in Lollipop, Metaphor is capable of breaking an important security barrier, the ASLR ( Address Space Layout Randomisation ).
How Metaphor can affect your Android smartphone
The new malware for Android can gain control over your device in just 15 seconds. To get to this point, everything begins with a message that the victim receives. In the content there is a link to a video that forces the media player to stop and forces it to restart. And in that process, in just a few seconds, the Javascript present on the page collects all the information about the device to the server. A few seconds later, the system automatically sends another virus-infected video file necessary to take control of the smartphone.
The whole process is made possible by a major Android security breach, Stagefright , which was discovered in July 2015. It is a true "Achilles heel" of the Android operating system, which leaves the terminals exposed to many types of viruses. In fact, in a first phase the attackers used infected links through multimedia messages (MMS).
Although Google implemented security patches to solve the problem, months later the existence of another security breach of the same style was revealed, known as Stagefright 2.0 , which endangered Android terminals through infected MP3 and MP4 files.
The arrival of higher versions of Android made us believe that the problem would be over, but Metaphor shows also be able to circumvent the security barrier ASLR of Android Lollipop.
This vulnerability and the Metaphor mechanism have been discovered by Northbit "" an Israeli security and technology company "" who have warned in a study of the potential dangers of this weak point in Android. At the moment, these "attacks" have been carried out only in a controlled manner for investigative purposes, but many hackers could again take advantage of Stagefright to create mechanisms similar to Metaphor and gain control over millions of Android devices around the world.
At the moment we will have to wait for Google to update with the corresponding security patches, and meanwhile our Android devices continue to be vulnerable to these attacks. The
