The Stagefright security flaw in Android devices has only been a threat in theory -- until now. The bug, first discovered last summer, was called the "mother of all Android vulnerabilities" by the security firm that discovered it. But no one had actually managed to execute the highly complicated hack.
Now researchers at NorthBit, a cybersecurity consultancy firm, have developed a version of the bug that shows hackers could find a way in, Engadget reports.
The flaw involves Stagefright, which is the media playback tool built into Android phones. This tool enables users to retrieve photos and videos sent to their phones through multimedia messages. If hackers send a photo or video message containing malware, and a user opens it, hackers could gain complete control of the phone, able to steal critical information like credit card numbers.
The NorthBit researchers developed Metaphor, "a proof of concept Stagefright exploit." They say bug is most effective on a Nexus 5 phone, but it could also affect phones like the HTV One, LG G4, and the Samsung Galaxy S5.
It is important to note that this is an attack created in a controlled research environment, and so far has not actually impacted any Android customers in real life.
Those who have updated to Android 6.0 Marshmallow or other operating systems that are patched against the Stagefright flaw are fine. Unfortunately, many people are still running older versions without the necessary defenses against this bug. Those with older Android phones are the most at risk.
For its part, Google released a fix last fall and encouraged all users to make sure they update their phones for the best protection.
"Android devices with a security patch level of October 1, 2015 or greater are protected because of a fix we released for this issue (CVE-2015-3864) last year," Goolge said in a statement. "As always, we appreciate the security community's research efforts as they help further secure the Android ecosystem for everyone."