New hacking threat targets millions of Android phones

An old vulnerability that was thought to have been fixed had put millions of Android phones at risk.

According to a new research paper released by Israel-based NorthBit, a new way had been found to exploit a weakness in Stagefright, Android's media server and multimedia library.

The vulnerability allowed hackers to access data and functions on various versions of Android, when a user visited a malicious website.

According to NorthBit, hackers could effectively attack devices running Android versions 2.2 through 4.0, 5.0 and 5.1. The new exploit had been named "Metaphor", by NorthBit.

NorthBit added that the new attack was most effective on Google's Nexus 5 with stock ROM and also worked, with some modifications, on HTC's One, LG's G3 and Samsung's S5.

The vulnerability had been patched by Google twice before, after the original Stagefright flaws had been identified by Zimperium in early 2015.

According to commentators, though the Stagefright security flaw has been dangerous in theory, implementing it on an Android device had been difficult earlier. However, this was not  the case now, according to NorthBit.

Typically an attack is said to be able to break a phone within 20 seconds, and seemed to be most effective where the Nexus 5 with stock firmware was concerned. Although it also worked on other customised Android variants such as the HTC One, LG G3 and Samsung Galaxy S5, users who had installed the 1 October 2015 security update can expect to  remain protected against this latest exploit.