Stage fright 2.0 presents new vulnerabilities
Stagefright brought out a lot of fears when word got out about the exploit; the idea of someone being able to access private files of someones smartphone by simply sending a text message is unsettling to say the least. The large number of devices that were vulnerable was also sobering, and finally Google was able to patch the Android operating system to combat the exploit.
Unfortunately, the original researchers who uncovered the weakness have found more flaws. Stagefright 2.0 allows those with malicious intent to execute code on vulnerable devices through audio files. The file types this works with are .MP3 and .MP4, and these bugs affect nearly every Android smartphone from version 1.0 to the latest version of the OS. If the attacker can simply coax an Android user to visit a site on the web browser with the files, he or she can gain access to others' private files.
As more teams of researchers look at the possible weaknesses that Androids are subject to, it seems like these Stagefright vulnerabilities will continue to plague users for some time. Google is currently working on another patch for the OS and it should hopefully release soon. Until then, users should take advantage of the Stagefright Detector app to see if they are afflicted.