275 Million Android Phones Exposed to New Hack, Security Firm Says

Petr Svab
Updated:

If you use a phone with Android operating system, you should think twice before visiting any fishy-looking websites. Even if they promise just cute kitten videos.

Some 275 million Android phones are vulnerable to an attack that uses infected online video files to spy on the devices, according to a research paper by cyber security firm NorthBit.

The attack works on Android versions 2.2 ­to 4.0 and 5.0 to 5.1.

The attack works on Android versions 2.2 ­to 4.0 and 5.0 to 5.1, according to thehackernews.com.

As seen in the video NorthBit provided, all the user has to do is visit a website that contains an infected video file, although the victim “has to linger for a time in the attack web page,” the paper reads. That time can be up to two minutes, but it can also be just a few seconds.

The attack “works best on Nexus 5” with stock operating system. But after “[s]light modifications” it also worked on HTC One, LG G3 and Samsung S5. That is also the limitation of the attack—the infected website needs to be designed to hack the specific model and Android version the victim uses, which makes it less practical for hackers.

In any case, users of Android version 6.0 Marshmallow should be safe.

Petr Svab
Petr Svab
reporter
Petr Svab is a reporter covering New York. Previously, he covered national topics including politics, economy, education, and law enforcement.
twitter
Related Topics