Researchers in Israel have come across a new way of exploiting the Stagefright vulnerability that was uncovered last year, and which affects the library that Android uses to analyze multimedia files.
To recap, cybercriminals can execute malicious code through a harmful or compromised website – or a specially designed MMS – to steal information. There is, however, a free tool capable of detecting if the device is vulnerable to Stagefright.
But that’s not all. A recent paper by Hanan Be’er, a researcher with NorthBit, describes an exploit known as ‘Metaphor’ that goes further in taking advantage of the vulnerability in Stagefright. He suggests that millions of Android devices are vulnerable to this exploit, which dodges their defense mechanisms. The threat operates on Android 2.2 to 4.0 and 5.0 to 5.1. On top of this, in the latest versions, it can evade ASLR (‘address space layout randomization’), a protection used to hamper the proper operation of exploits and so help prevent buffer overflow attacks.
This server then creates a custom video file and sends it to the device, where it exploits Stagefright to reveal more information about the device’s internal state. When processed by Stagefright, the next video created by the attacker begins executing a payload which carries all the privileges it needs to spy on the user.
The exploit attacks the CVE-2015-3864 bug – even without the user having to ‘play’ or view the video. It starts working when the web browser searches and analyzes the file. Stagefright is the native media player for Android devices.
“Our exploit works best on Nexus 5 devices. It was also tested on HTC One, LG G3, and Samsung S5 devices, although the exploit was slightly different on these brands. We will need to make a few adjustments”, concludes the analysis.
This shows that there is no need to panic. Users should just keep up to date with the latest news and download patches when released by the provider.
Author Sabrina Pagnotta, ESET