Friday 2 October 2015

Your Android Phone is Vulnerable To Remote Hacking With StageFright Bugs

Your Android Phone is Vulnerable To Remote Hacking With StageFright Bugs!

Stagefright 2.0, a set of two vulnerabilities that manifest when processing specially crafted MP3 audio or MP4 video files. 

Security Researcher of Zimperium Joshua Drake (Vice President of platform research and exploitation at Zimperium) discovered two more vulnerabilities in the Android. His aimed to researching media processing in Android and focused on remote attacks agains current devices.

What is the vulnerability ? 
Processing specially crafted MP3 or MP4 files can lead to arbitrary code execution. -

The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue. Since the primary attack vector of MMS has been removed in newer versions of Google’s Hangouts and Messenger apps, the likely attack vector would be via the Web browser.

  • An attacker would try to convince an unsuspecting user to visit a URL pointing at an attacker controlled Web site (e.g., mobile spear-phishing or malicious ad campaign)
  • An attacker on the same network could inject the exploit using common traffic interception techniques (MITM) to unencrypted network traffic destined for the browser.
  • 3rd party apps (Media Players, Instant Messengers, etc.) that are using the vulnerable library.

After the execution this Vulnerbaility allow attackers to access to personal data and photos stored on the phone, be able to take photos, record conversations, email and SMS and can download malicious apps remotely.

Google said that new Stagefright bugs will be fixed in next schedule update.

Source: Zimperium


Post a Comment

Note: only a member of this blog may post a comment.

Toggle Footer