You may know that the Stagefright security flaw is theoretically dangerous, but it hasn't been that risky in practice -- it's just too difficult to implement on an Android device in a reliable way. Or rather, it was. Security researchers at NorthBit have developed a proof-of-concept Stagefright exploit, Metaphor, that reliably compromises Android phones. The key is a back-and-forth procedure that gauges a device's defenses before diving in. Visit a website with a maliciously-designed MPEG-4 video and the attack will crash Android's media server, send hardware data back to the attacker, send another video file, collect additional security data and deliver one last video file that actually infects the device.