Showing posts with label stagefright. Show all posts
Showing posts with label stagefright. Show all posts

Tuesday, October 6, 2015

Over a billion Android Devices Vulnerable to Latest Stagefright Bug

Stagefright_Bug

Billion plus Android Devices at Risk – Stagefright


According to security experts, over one billion Android devices are considered to be at risk from new vulnerability known as Stagefright 2.0.This vulnerability had been discovered by a team of researcher at Zimperium, which is a mobile security firm and is considered to affect almost all Android devices from the first version in 2008.

 The new bug had been discovered in Google’s mobile operating system that enables attackers to insert malicious code in deviceto retrieve information when a use accesses a particularly crafted MP3 or MP4.The attack is on the vulnerability in MP3 and MP4 video files which once opened tend to remotely execute code. This could comprise of installing malware, get hold of data for identity fraud or to access photos as well as messages.

 Due to the nature of the vulnerability, it would be difficult to tell if a device has been affected. First Stagefright bug is said to leave device susceptible to exploitation with the video sent through MMS that are utilised as an avenue of attack. Since several messaging apps tend to process the videos automatically, there are possibilities of being targeted without being aware of it.

Stagefright 2.0 - Dangerous


Speculations are on that Stagefright 2.0 could also be quitedangerous. Stagefright 2.0 tends to utilise similar avenues in exploiting the weakness, by using MP3 audio of MP4 video files which when opened, the malicious files tends to activate a remote code execution – RCE, providing scope for hackers with the capabilities of remotely executing activities on the device.

This could comprise of media player or messengers besides mining data for identity fraud, installing malware and much more. There are various ways by which a user could be attacked. At first a hacker would try convincing a user to visit a malicious webpage and view music or a video file which would provide the hacker with an opportunity of hacking a user.

 Moreover they could also intercept unencrypted traffic from the device and another server which is known as a man-in-middle attack for the purpose of inserting the malicious code in the file which is to get transferred.

Susceptibility is in Processing of Metadata in Files


According to Zimperium in a blog post recently has mentioned that `the susceptibility is in the processing of metadata in the files and hence only viewing a song or a video would help to activate the issue’. Zimperium had also notified the Android Security Team of the problem. Google had mentioned in Nexus Security Bulletin that `vulnerability in media-server would enable an attacker during media file and data processing of a specially crafted file to cause memory corruption and probably remote code execution as the media server process.

The issue is considered as Critical severity due to the possibility of remote code execution as the privileged media-server service. The media-server service has access to audio and video streams together with access to privileges which are normally not accessible to third party apps. Attackers at this point of time are still assumed and users are not yet subjected to the bug.

Google has informed that the vulnerability handled in its monthly security and a fix is likely to be issued in its monthly security update for Android in October with patches for other phones in the pipeline. Besides this Google has also made provision for patches to LG, HTC, Huawei, Samsung and Sony wherein the companies would probably roll out over the next month.