Mobile Security & Enterprise Mobility Blog

Video: Zimperium takes over Nexus 6 using Stagefright

zuk_avraham_josh_drake_ana_garcia_crime_watch_dailyJust how safe is your phone from hackers? Our own zLabs VP of Research Joshua Drake and founder and chairman Zuk Avraham sat down with Crime Watch Daily’s Ana Garcia to show viewers just how dangerous hackers abusing the Stagefright vulnerabilities can be.

One of the most common ways for hackers to take over a person’s phone is by sending a text message appearing to come from a retailer or business. The Zimperium team took over Ana’s brand new Nexus 6 by sending a text message disguised as an offer to win a trip to Hawaii. Ana hit unsubscribe, which opened up a malicious link allowing the hackers to take over her personal device.

Once Josh and Zuk gained access to her phone, they were able to download personal photos, track her exact location through GPS, watch her through the phone’s camera lens and even record her personal conversations.

Through Stagefright, hackers are also able to take control of a device without any user interaction, meaning that someone wouldn’t have to click on a malicious link to launch an attack. Since the release of Stagefright, Google released an update to Hangouts to not automatically process media files but most devices still have not received an update. This puts an estimated 1 billion Android devices at great risk.

Want to see the Stagefright exploit on Ana’s phone? Watch the full Warner Brothers Crime Watch Daily segment to see how the hack takes place.