You might remember a few months ago we told you about a huge flaw in Android called Stagefright. It let hackers run malicious code on your Android smartphone or tablet by sending you a simple text message. Because of the way it worked, it left more than 900 million gadgets worldwide vulnerable.
Google, carriers and smartphone manufacturers are still rolling out fixes, but on the whole the problem is under control. However, the same person who discovered the first flaw, Joshua J. Drake of Zimperium Mobile Security, has kept digging and turned up a few more problems in the same system that potentially affect every Android gadget out there, which is more than a billion. So, what does Stagefright 2.0 look like?
Stagefright 2.0 actually consists of two flaws. One affects every Android gadget from Android 1.0 to the present. The other only works on Android 5.0 and up.
The flaws rely on how Android handles music and video files, specifically the metadata. The metadata usually contains information like the song or video title, album, how often you've played it, etc.
However, if a hacker puts malicious code in that section, and you even preview the file, Android will run the code without checking to see what it is. It could attempt to install a data-stealing apps to try taking over your phone completely. We say "attempt" because the Android system itself is still fairly tough to crack.
That could be one reason hackers don't seem to be doing much with Stagefright 2.0 yet. Also, Google already has a fix it will be rolling out later this month, but it's never good to take chances.