STAGEFRIGHT

-
STAGEFRIGHT- a vulnerability that made tech giants sleepless



WHAT IS STAGEFRIGHT?

Stagefright is a serious vulnerability found in Android's media processing service. The Android service that processes multimedia files has been the source of some vulnerabilities. In recent time, including a new one that could give rogue applications access to sensitive permissions to access the data.The vast majority of Android phones can be hacked by sending them a specially crafted multimedia message (MMS).


WHO DISCOVERED?

This latest vulnerability in Android's media server component was discovered by security researchers from antivirus firm Trend Micro and Joshua Drake,vice president of platform research and exploitation at mobile security firm Zimperium.


BRIEF ME ABOUT THIS:

Drake developed the dangerous exploit that only requires knowing the victim’s phone number. He found multiple vulnerabilities in a core component called Stage fright which is used to process, play and record multimedia files. Some of the flaws allow for remote code execution and can be triggered when receiving an MMS message, downloading a specially crafted video file through the browser or opening a Web page with multimedia content.There are many potential attack vectors because whenever the Android OS receives media content from any source it will run it through this framework. The library is not used just for media playback, but also to automatically generate thumbnails or to extract metadata from video and audio files such as length, height, width, frame rate, channels and other similar information.

This means that users don’t necessarily have to execute malicious multimedia files in order for the vulnerabilities to be exploited. The mere copying of such files on the file system is enough.The researcher isn’t sure how many applications rely on Stage fright, but he believes that just about any app that handles media files on Android uses the component in one way or another.The MMS attack vector is the scariest of all because it doesn’t require any interaction from the user; the phone just needs to receive a malicious message.
For example, the attacker could send the malicious MMS when the victim is sleeping and the phone’s ringer is silenced. After exploitation the message can be deleted, so the victim will never even know that his phone was hacked.The researcher didn’t just find the vulnerabilities, but actually created the necessary patches and shared them with Google in April and early May. The company took the issues very seriously and applied the patches to its internal Android code base in a quick time.That code gets shared in advance with device manufacturers that are in the Android partnership program, before it’s released publicly as part of the Android Open Source Project (AOSP).Unfortunately, due to the generally slow pace of Android updates, over 95 percent of Android devices are still affected.

According to Drake, Even among Google’s Nexus line of devices, which typically get patches faster than those from other manufacturers, only recently launched the Nexus 6 has received some of the fixes so far.That’s because manufacturers have to first pull Google’s code into their own repositories, build new firmware versions for each of their devices, test them and then work with mobile carriers to distribute the updates. Devices older than 18 months generally stop receiving updates entirely, leaving them vulnerable to newly discovered issues indefinitely.The vulnerabilities affect devices running Android versions 2.2 and higher, which means that there are a huge number of devices that will probably never receive patches for them.The researcher estimates that only around 20 to 50 percent of the Android devices that are in use today will end up getting patches for the issues he found. He noted that 50 percent is wishful thinking and that he would be amazed if that happened.

What attackers can do after they exploit these vulnerabilities can vary from device to device. Their malicious code will be executed with the privileges of the Stagefright framework, which on some devices are higher than on others. In general the attackers will get access to the microphone, camera and the external storage partition, but won’t be able to install applications or access their internal data.There is an estimation that on around 50 percent of the affected devices the framework runs with system privileges which makes it easy to gain root access and therefore complete control of the device. On the rest of devices, attackers would need a separate privilege escalation vulnerability to gain full access.
Since the patches for these flaws are not yet in Android Open Source Project, device manufacturers that are not Google partners don’t have access to them. It also means that third-party AOSP-based firmware like CyanogenMod is still likely vulnerable. If we believe the resources then it is said that the patches are shared privately with some other affected parties, including Silent Circle and Mozilla.
Mozilla Firefox for Android, Windows and Mac, as well as Firefox OS were affected by the flaws because they used a forked version of Stagefright.

My Device is Vulnerable?

There has been an application called- Stagefright Detector to check if your device is vulnerable or not.The Result will be shown in format like CVE-2015-2838, CVE-2015-2839, and CVE-2015-2864.

How to protect from Stagefright Vulnerability?

1.     Update your device
2.     Disable Auto-fetching of MMS
3.     If you have Hangout SMS Enabled then in the Advanced uncheck Auto Retrieve MMS
        Patches for fixing the issue are soon going to be released to all device vendors-affected.

The Stagefright vulnerability was assigned with the following CVEs:
  1. CVE-2015-3829
  2. CVE-2015-3828
  3. CVE-2015-6602
  4. CVE-2015-3864
  5. CVE-2015-3827
  6. CVE-2015-3876
  7. CVE-2015-3824
  8. CVE-2015-1538
Google suggested that Android devices also include an application sandbox which is designed to protect user data and other applications on the device.
                                                                                                    [Screenshot of Gionee Elife E7 device]

                                                    - Ashish Chhatani
                                                             
                                                                                                                                                                                                                                                                                                                                

                                                                                                                                                                                                                                                                                  

Comments

Post a Comment

Popular posts from this blog

Dresscode-Android malware that can infiltrate corporate networks is spreading

-
Image
According to Trendmicro, DressCode-a family of Android malware, has been found circulating in at least 3,000 Trojanized apps. An Android malware is spreading across app stores, including Google Play, and has the capability of stealing sensitive files from corporate networks. DressCode hides itself inside games, user interface themes, and phone optimization boosters. It can also be difficult to detect because the malicious coding only makes up a small portion of the overall app. On Google Play, Trend Micro found more than 400 apps that are part of the DressCode family, it said. That's 10 times more than what security researchers at Check Point observed a month ago. Trend Micro added that one these apps on Google Play had been installed 100,000 to 500,000 times. Once installed, Dress Code's malicious coding will contact its command and control servers and receive orders from its developers. The malware is particularly dangerous because it can infiltrate whatever internet
Read more

Clickjacking leads Android ransomware to gain the administrative rights!

-
Image
What is Ransomware? Ransomware   is one type of malware which prevents or limits users from accessing their system.   File-encrypting ransomware which is also called as Cryptolocker applications that target Android devices are becoming increasingly sophisticated. One new such program is using clickjacking techniques to trick users into granting it administrator rights. What’s this Clickjacking? Clickjacking is a method that involves manipulating the UI in a way that allows attackers to hijack users' clicks and trigger unauthorized actions. It is mostly used in Web-based attacks, where various technologies allow creating invisible buttons and positioning them on top of seemingly harmless page elements. Due to the restrictive application permissions system in Android, ransomware apps targeting the OS have historically been less effective than on Windows. For example, many of the early Android ransomware threats only displayed a persistent window on the screen with an
Read more

Importance of secure SDLC

-
Image
Time does require the change. Isn’t it? We’ll talk about the importance of securely software development life cycle in this story. We all know what exactly SDLC is? SDLC stands for Software Development Life Cycle. The developers builds the applications for certain purpose. The SDLC process has got certain pre-defined phases.  Requirement Gathering: What is the purpose and what’s it going to take for building the application. Plan and Design: Plan the phases of development. Prioritize the modules and finalize the design suitable. Implementation: Start implementing the modules. Coding takes place. Testing: Test the modules which are built Deploy: Deploy the application once the application is tested properly. Maintain: Check whether the application behaves exactly in the same way it was meant to. Eliminate the vulnerabilities identified if any. This is how the traditional SDLC process works. There are certain models to accomplish the pr
Read more