275 million Android devices vulnerable to new Stagefright threat that can hack a phone in 15 seconds BY Dan Good

Hundreds of millions of Android devices are vulnerable to a new exploit of Stagefright, the bug previously called the "worst ever discovered," according to a report published this month.

 

An Israeli-based security firm, NorthBit, claims it has "properly" exploited the Stagefright bug. Video released by NorthBit shows the firm remotely hacking a phone in about 15 seconds.

The bug could allow hackers access to a user's data and functions if the user visits a malicious website.

The exploit, called Metaphor, was tested on a Nexus 5, LG G3, HTC One and Samsung Galaxy S5, according to Wired.

Android phones and tablets that lack the latest updates — Android versions 2.2 through 4.0, as well as 5 or 5.1 — could be vulnerable. Roughly 275 million phones are estimated to run on those versions.

"The reason to keep researching this library is because it has proven to be very vulnerable in the past (multiple bugs and bad code), affects numerous devices and has many good potential attack vectors: mms (stealthy), instant messaging (automatic), web browser (minimal­to­no user interaction) and more," Hanan Be'er, a security researcher for NorthBit, wrote in the report.

Stagefright was first identified by the security firm Zimperium in July 2015, involving code that taps into the device's audio and camera.

Stagefright 2.0 was identified in October, focusing on exploits in .mp3 and .mp4 files.