According to security experts, a new version of the Stagefright bug has returned and could once again endanger mobile devices running on Google's Android operating system. The new version is called Metaphor and affects devices in the same way its predecessor did.
The Stagefright hack was first discovered in July of 2015. It works by exploiting a key Android feature called the Stagefright, which is responsible for automatically playing files in multimedia formats.
Using this exploit, the hacker can send an MMS message that contains malware. Because of the Stagefright program, the multimedia content of the message will be automatically opened, enabling the malware to affect the device's software.
Once infected, the hacker will be able to access the mobile device's data as well as control some of its key operations.
The Stagefright issue eventually disappeared after Google and various network carriers released security updates to protect its Android users.
But recently, Engadget reported that security researchers working for NorthBit have developed a new exploit called Metaphor. This works just like how the Stagefright exploit did and can affect certain Android devices.
According to the report, even users of new devices with relatively updated versions of the Android OS, such as the Nexus 5, Samsung Galaxy S5, HTC One and LG G3 can be victimized using the Metaphor hack.
However, as noted by the researchers, the Metaphor bug that they developed based on the Stagefright is only a proof-of-concept exploit. This means it is still confined inside NorthBit's lab and the chances of it falling into the hands of a hacker are a bit slim.
In addition, NorthBit has already informed Google about its creation and the latter noted that devices with the latest patch against Stagefright are safe from Metaphor. Those with lower-end versions, on the other hand, are at risk, Forbes reported.
"Android devices with a security patch level of October 1, 2015 or greater are protected because of a fix we released for this issue (CVE-2015-3864) last year," Google said in a statement. "As always, we appreciate the security community's research efforts as they help further secure the Android ecosystem for everyone."
