Hacking

Android Stagefright Exploit, Millions devices open to 10-seconds hack

Millions of Android devices are open to hacking attacks due to the newly disclosed Android Stagefright Exploit that hack a smartphone in 10 seconds.

New problems for Android users, security experts at software research firm NorthBit have developed an exploit for a Stagefright vulnerability affecting Google’s operating system.

Millions of Android devices are open to hacking attacks due to the newly disclosed Android Stagefright Exploit that could allow attackers to hack a smartphone in 10 seconds.

The attacker just needs to trick users into visiting a specifically crafted web page that includes a malicious multimedia file.

The researchers at NorthBit have dubbed the Android Stagefright Exploit Metaphor, they published a detailed analysis of the attack in a paper entitled “Metaphor A (real) real­life Stagefright exploit.

The researchers have published a proof-of-concept video that shows how they hacked an Android Nexus 5 device using their Metaphor exploit in just 10 seconds. They also demonstrated that the Android Stagefright Exploit Metaphor works against other mobile devices, including Samsung Galaxy S5, LG G3 and HTC One smartphones.

“Although the bug exists in many versions (nearly a 1,000,000,000 devices) it was claimed impractical to exploit in­the­wild, mainly due to the implementation of exploit mitigations in newer Android versions, specifically ASLR.” states the paper.
The Android Stagefright Exploit works on Android versions 2.2 ­to 4.0 and 5.0 to 5.1 while bypassing ASLR on Android versions 5.0 to 5.1, as version 2.2 to version 4.0 do not implement ASLR. Other Android versions are not affected by the new Stagefright exploit.

The Stagefright was first discovered in July 2015,  experts at security firm Zimperium announced the flaw is the worst Android vulnerability flaw in the mobile OS history.

The Stagefright flaw affects a media library app that is used for by Android to process Stagefright media files. According to the experts at Zimperium the media library is affected by several vulnerabilities.

Joshua Drake from Zimperium discovered seven critical vulnerabilities in the native media playback engine called Stagefright, the expert defined the Stagefright flaw the “Mother of all Android Vulnerabilities.”

The attackers can exploit the vulnerability by sending a single multimedia text message to an unpatched Android device. Despite Google has already issued a patch and has sent out to it to the company’s partners, but most manufacturers haven’t already distributed the patch to their customers exposing them to cyber attack.

In September 2015, experts at Zimperium released a Stagefright exploit, demonstrating how to trigger the Remote Code Execution (RCE). The researchers implemented the Stagefright Exploit in python by creating an MP4 exploiting the ‘stsc’ vulnerability, aka Stagefright vulnerability.
In October 2015, experts at Zimperium discovered that a billion Android phones were vulnerable to new Stagefright vulnerabilities, dubbed Stagefright 2.0  that could allow attackers to execute malicious code on the targeted device.

The researchers discovered two bugs that are triggered when processing specially crafted MP3 audio or MP4 video files.

The hacking procedure described by the researchers at NorthBit is composed of the following steps:
  • Tricking a victim into visiting a malicious page containing a video file that crashes the media server to reset its internal state.
  • Once the media server restarts, the JavaScript hosted on the web page sends information about the device to the attacker’s server.
  • The server reply with a custom generated video file to the affected device, exploiting the Stagefright bug to reveal more info about the device’s internal state.
  • This information is also sent back to the attacker’s server to craft another video file that embeds a malicious payload that allows gaining the control of the mobile device.

Pierluigi Paganini

(Security Affairs – Android Stagefright Exploit, Metaphor)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services…

32 mins ago

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

4 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

18 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 day ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

2 days ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

This website uses cookies.