New bug makes millions of Android devices vulnerable to hacking

Researchers said hack is able to execute remote code on Android devices, possibly affecting up to 95% of devices

Sending a message to millions of Android users that their devices are vulnerable to virus attack, a team of researchers has successfully exploited the Android-based "Stagefright" bug and remotely hacked a smartphone.

Israeli software research company NorthBit claimed it had "properly" exploited the Android bug that was originally described as the "worst ever discovered", Wired.co.uk reported.

The exploitation, called "Metaphor", also has a video that shows the exploit being run on a Nexus 5 smartphone. NorthBit said it had also successfully tested the exploit on a LG G3, HTC One and Samsung Galaxy S5 devices.

The exploit could be altered by those wanting to cause more damage.

"Approximately 36% of the 1.4 billion active Android phones and tablets run Android 5 or 5.1 and devices lacking the latest updates would be vulnerable," NorthBit co-founder Gil Dabah was quoted as saying.

"Our research managed to get it [the attack] to the level of production grade, meaning that everyone - both the bad guys and good guys, or governments - could use our research in order to facilitate it in the wild," Dabah added.

Reportedly, the hack is able to execute remote code on Android devices and could possibly affect up to 95% of Android devices.

The researchers said they have been able to create an exploit that can be used against Stagefright on Android 2.2, 4.0, 5.0 and 5.1. Other versions are not affected. The company's research paper says it is built on work from Google itself.

Google released a patch for the bug and promised regular security updates for Android phones following the publication of Stagefright's details.

Stagefright is a software library, written in C++ (computer language), that is built inside the Android operating system.

Google released a patch for the bug and promised regular security updates for Android phones following the publication of Stagefright's details.

According to a report by Cheetah Mobile, a China-based mobile tools provider, India ranks two on the list of countries having malware-affected Android smartphones due to an extensive use of third-party apps.

"The number of Android viruses, especially Root Trojans, rose sharply with a growth rate of 22 percent infecting a total of 11,170,960 devices in India in 2015," the report said.

The report, which focused on virus infections in Android devices all over the world, said the number of Android viruses exceeded 9.5 million in 2015, which is larger than twice the total number in the past three years. The number stood at 2.8 million in 2014.

"Stagefright" is the collective name for a group of software bugs that affect Android operating system, allowing an attacker to perform arbitrary operations on the victim device through remote code execution.

A Trojan Horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems.