Stagefright Vulnerability is Back, Millions of Android Devices At Risk

Stagefright Vulnerability

The mother of all android vulnerabilities is back again. Last year, the stagefright bug had put some 950 million android phones at risk of hacking. And now millions of android devices are at risk again. A group of Israeli researchers claim that they have found a new way to exploit the vulnerability.

What is Stagefright?

“Stagefright” is the name of the media library—a portion of Android’s open source code—in which the bugs were found. It’s obviously a great bug name, too. The original stagefright vulnerability was discovered by the researchers at Zimperium. Google has since issued multiple patches and fixes to the stagefright vulnerability.

How Does the StageFright Vulnerability Work?

The StageFright vulnerability uses the Android video processing mechanism, libStageFright over MMS videos as its source of an attack. Various Android messaging apps like Hangout process videos automatically and as a result, users get to watch the infected videos as soon as they open the target message. So, the StageFright attack could take place even without the user knowing about it.

 

The mechanism of StageFright seems a bit laborious, but generally, the vulnerability takes less than 20 seconds to get into the target system and infect it. It is generally more effective on devices running on stock Android like Google phones. Moreover, it is also known to function on customized devices like the Samsung Galaxy series, LG G series, and HTC devices. The vulnerability became so popular that it featured in the WatchGuard Threat Lab’s list of top-ten hacking attacks in 2017.

Metaphor - A (real) real­ life Stagefright exploit

The research company NorthBit, based in Israel, published a paper 'Metaphor' - that's the name of their stagefright implementation. The paper presents the research results, further details the vulnerability’s limitations and depicts a way to bypass ASLR as well as future research suggestions. They present a more thorough research of libstagefright and new techniques used to bypass ASLR.

The company also said that the exploit works best on Nexus 5 with stock ROM. It was also tested on HTC One, LG G3 and Samsung S5, however exploitation is slightly different between different vendors.

The team built a working exploit affecting Android versions 2.2 - 4.0 and 5.0 - 5.1, while bypassing ASLR on versions 5.0 - 5.1 (as Android versions 2.2 - 4.0 do not implement ASLR). They even shared the distribution of Android platform versions taken from statista, which depicted -

● 23.5% of Android devices are versions 5.0 ­ 5.1 ­ about 235,000,000 devices

● 4.0% of Android versions are versions 2.x with no ASLR ­ about 40,000,000 devices

"Looking at these numbers, it's hard to comprehend how many devices are potentially vulnerable," NorthBit wrote.

How Your Android Device Can Be Protected From StageFright Attacks?

While Google has released a patch for the vulnerability in its latest OS update, a large number of Android users using the older versions are still at risk. For those users, it’s either up to their manufacturers or the users themselves to take steps and stay protected from this vulnerability. Here is a list of things you can do in order to ward off this vulnerability:

 

1. Disable Auto-Retrieval of MMS Messages:

In message settings, users can find this option and disable the automatic download of video messages. MP4s will download only if the user taps on it or as per their discretion. In this manner, the risk will be avoided unless the users opt to download the infected message themselves.

 

2. Install Apps Only from Official App Stores:

Instead of relying on untrusted third-party apps, you must go for apps available on official app stores like the Google Play Store. Reading the app reviews before installation is also a good practice in order to stay safe from malicious apps.

 

3. Stay Cautious While Navigating Through Web Pages

Web pages on the internet are filled with suspicious links. Before falling into the temptation of clicking on the click-baits, it is always advisable to run a self-diagnosis and avoid downloading attachments. A little caution will certainly go a long way and protect you from massive security vulnerabilities. 

Android Metaphor risk Zimperium ASLR Exploit google hacking NorthBit open source code security Stagefright Vulnerability

Published on Mar 18, 2016
Hardeep Singh
Written by Hardeep Singh
Digital Marketing Consultant. Driving 10X Growth for Cybersecurity & B2B SaaS using SEO, Content Marketing & Social Media.

Similar Blogs

4 Things Cisco Remote Code Execution Vulnerability Teaches Us
Apr 6, 2018

4 Things Cisco Remote Code Execution Vulnerability Teaches Us

There is no such thing as perfect code and everyone knows this, including the guy that’s looking to attack you. Studies ...

View Blog
Vulnerability Management Best Practices for Developers
Mar 17, 2021

Vulnerability Management: Top 6 Best Practices for Developers in 2021

Companies with a presence on the internet and widespread networks are increasingly being targeted by malicious code ...

View Blog
What is Common Vulnerability Scoring System ( CVSS )
Nov 16, 2021

What is Common Vulnerability Scoring System (CVSS)?

Given the large and growing number of cyber attacks that exploit software vulnerabilities, vulnerability management is ...

View Blog

Questions?

Chat With Us

Using Other Product?

Switch to Appknox

2 Weeks Free Trial!

Get Started Now

Appknox is the worlds most powerful plug and play security platform which helps Developers, Security Researchers and Enterprises to build a safe and secure mobile ecosystem using a system plus human approach to outsmart smartest hackers.

Subscribe to our newsletter
Get Started
Product
Vulnerability Assessment Tools
Penetration Testing Tools
Resources
Compare
We are loved! Our reviews say it all!

Copyright © 2024 Appknox, Xysec Labs