the research team on Zimperium zLabs , a company responsible on mobile’s security , find a new security hole on android operation system which allows hacker to upload Mp3 and Mp4 files on the web then wait until the user download it on his device to take over his smartphone from distance. This exploit Called Stagefright 2.0 is a security vulnerability made of two holes in Android that can allow hackers to take over a smartphone vie MP3 or MP4 files which are common formats for video and audio files.
The security holes lie within the media processing systems of Android, which can be broken allowing access to the hole smartphone using crafted MP3 or MP4 files. This vulnerability is on over 1 billion Android devices.
“The first vulnerability (in libutils) impacts almost every Android device since version 1.0 released in 2008. We found methods to trigger that vulnerability in devices running version 5.0 and up using the second vulnerability (in libstagefright),” said Zimperium, the company that first disclosed the original Stagefright bug.
The difference between the first version of Stgefright ” Stagefright 1.0″ and the second version “Stagefright” is that the second one doesn’t need any infromation from user to be successful.