
1 billion Android phones are vulnerable by simply visiting a website

The Android security vulnerability known as Stagefright has evolved into Stagefright 2.0, and it can haunt even more Android phones than the original, according to mobile security company Zimperium.


The original Stagefright vulnerability lets hackers install malicious software on phones running Android 2.2 and up, a group estimated to include up to 950 million people. Those vulnerable Android phones could be exploited without needing any interaction on your part.


Android phones would become exposed by simply receiving a multimedia text message (MMS) with a malicious file, and you wouldn't even need to open it.

Stagefright 2.0, on the other hand, can exploit phones running Android 1.0 and up, which can cover up to 1.4 billion people.

The way Stagefright 2.0 can exploit your phone is also a little different, as it can exploit phones via the web browser (the MMS delivery method has been patched up by Google). 


Unlike the original Stagefright MMS delivery method, the web browser delivery would need someone to actively visit a website, most likely via a link.

As a result of the original Stagefright exploit, Google and Samsung began issuing monthly security updates for certain phones, but not all of them. 

In a statement to Tech Insider, Google said it will issue a patch for the new Stagefright exploit in early October:

"As announced in August, Android is using a monthly security update process. Issues including the ones Zimperium reported will be patched in the October Monthly Security Update for Android rolling out Monday, October 5th."


The only Android phones we know will get the security update so far are Google's own Nexus devices, which run the pure version of Android.
