New Stagefright Exploit Could Scare Millions of Android Users

Written by prodigitalweb


Android Users to Update Devices Regularly – Safeguard from Stagefright

Android owners need to keep their devices updated regularly, not only to take advantage of the features Google constantly adds to the operating system but also to safeguard their devices from dangerous bugs such as Stagefright. Stagefright is a software library written in C++ that is built into the Android operating system. The Stagefright vulnerability was first identified by security firm Zimperium in July 2015. The hack was said to be capable of executing remote code on an Android device and could probably affect around 95% of Android devices. They had stated that the library was vulnerable to memory corruption: when an MMS message containing a video is sent to the device, and the video is encoded in a certain way, it could activate malicious code on the device. Google released a patch for the bug and, after the details of Stagefright were published, promised regular security updates for Android devices. Israel-based research firm Northbit has published a research paper in which it claims to have developed a working exploit, called Metaphor, that uses a new vulnerability in Stagefright. They described the bug as the "worst ever detected".


Three Step Procedures

In the paper, the researchers described a three-step procedure to take over an Android device. The user is made to visit a specially crafted webpage hosting a video file that is able to crash the mediaserver software on the target handset. The video file then resets the mediaserver software and waits for it to restart. Thereafter, JavaScript on the webpage sends details about the device to the attacker's server, which generates another video file. That file is sent to the device and returns additional information, such as the internal state of the device. Then another video file, carrying a malware payload, is sent to the victim's device and starts prying. The researchers say the exploit attacks the CVE-2015-3864 bug in a "fast, reliable as well as stealthy" way by bypassing ASLR (address space layout randomization), a mechanism designed to foil exploit writers. To hijack the device, attackers need to carry out a sequence of operations.


Devices Lacking Latest Updates – Vulnerable

They demonstrated the hack in a video using the Google Nexus 5 and successfully reproduced the exploit on an LG G3M, the HTC One and the Samsung Galaxy S5. The researchers mentioned that they were able to create an exploit that could be used against Stagefright on Android 2.2, 4.0, 5.0 and 5.1. The security researchers demonstrated exploiting the Stagefright bug by using it to remotely hack an Android phone, which could be done to millions of Android phones. Other versions do not seem to be affected, and the company's research paper stated that it is built on work from Google. Though Google had promised regular security updates after Stagefright, and Stagefright 2.0 was discovered later on, not all versions of Android have been patched yet. Co-founder Gil Dabah said that the exploit can be changed by those who wish to cause more damage. Around 36% of the 1.4 billion active Android phones and tablets run Android 5 or 5.1, and Dabah has warned that devices lacking the latest updates could be vulnerable.

