New Exploit to 'Hack Android Phones Remotely' threatens Millions of Devices
Wednesday, March 16, 2016 Swati Khandelwal
Attention Android users! Millions of Android devices are vulnerable to hackers and intelligence agencies once again, thanks to a newly disclosed Android Stagefright exploit.

Yes, the Android Stagefright vulnerability is back, and this time the Stagefright exploit allows an attacker to hack Android smartphones in 10 seconds just by tricking users into visiting a hacker's web page that contains a malicious multimedia file.

A group of security researchers from the Israel-based research firm NorthBit claimed it had successfully exploited the Stagefright bug that emerged in Android last year and was described as the "worst ever discovered".

The new Stagefright exploit, dubbed Metaphor, is detailed in a research paper [PDF] that guides bad guys, good guys, as well as government spying agencies in building the Stagefright exploit for themselves.
http://thehackernews.com/2016/03/exploittohackandroid.html
19/3/2016
Just yesterday, we reported about critical vulnerabilities in the Qualcomm Snapdragon chip that could be exploited by any malicious application to gain root access on a vulnerable Android device, leaving more than a billion Android devices at risk.
Video Demonstration: Exploit to Hack Android Phone in 10 Seconds
The researchers have also provided a proof-of-concept video demonstration that shows how they successfully hacked an Android Nexus 5 device using their Metaphor exploit in just 10 seconds. They also successfully tested Metaphor on Samsung Galaxy S5, LG G3 and HTC One smartphones.

According to the researchers, millions of unpatched Android devices are vulnerable to their exploit, which successfully bypasses the security defenses offered by the Android operating system.
What is the Stagefright Bug and Why You Have to Worry about it?
Stagefright is a multimedia playback library, written in C++, built inside the Android operating system to process, record and play multimedia files such as videos.

However, what Zimperium researchers discovered last year was that this core Android component can be remotely exploited to hijack 95 percent of Android devices with just a simple booby-trapped message or web page.
Another critical vulnerability discovered last October in Stagefright exploited flaws in MP3 and MP4 files, which when opened were capable of remotely executing malicious code on Android devices, and was dubbed Stagefright 2.0.

However, to tackle this serious issue, Google released a security update that patches the critical bug, and also promised regular security updates for Android smartphones following the seriousness of the Stagefright bugs.
Here's How the New Stagefright Exploit Works
Researchers described the following process to successfully hijack any vulnerable Android smartphone or tablet:

Step 1: Tricking a victim into visiting a malicious web page containing a video file that crashes the Android mediaserver software to reset its internal state.

Step 2: Once the mediaserver gets a restart, JavaScript on the web page sends information about the victim's device over the Internet to the attacker's server.

Step 3: The attacker's server then sends a custom-generated video file to the affected device, exploiting the Stagefright bug to reveal more information about the device's internal state.

Step 4: This information is also sent back to the attacker's server to craft another video file that embeds a malware payload, which, when processed by Stagefright, starts executing on the victim's smartphone with all the privileges it needs to spy on its owner.
The researchers also claim that their exploit specifically attacks the CVE-2015-3864 vulnerability in a way that bypasses Address Space Layout Randomisation (ASLR), a memory protection mechanism.

"It was claimed [the Stagefright bug] was impractical to exploit in the wild, mainly due to the implementation of exploit mitigations in [latest] Android versions, specifically ASLR," the research paper reads.
The team's exploit works on Android versions 2.2 to 4.0 and 5.0 to 5.1, bypassing ASLR on Android versions 5.0 to 5.1; versions 2.2 to 4.0 do not implement ASLR. Other Android versions are not affected by the new Stagefright exploit.

You can go through the full research paper [PDF], which provides enough details to create a fully working and successful exploit.