A new way to exploit the Stagefright flaw (CVE-2015-3864) in Android has been developed by researchers at the security firm NorthBit. The exploit, called Metaphor, is described as “fast, reliable and invisible”: it can take control of vulnerable systems without the user noticing and with a high success rate.
Metaphor builds on already-known flaws in Android's libstagefright library. Its distinguishing feature is the ability to bypass ASLR, a system-level layer of protection that had until now hindered exploitation of the flaw.
So even users running versions 5.0 and 5.1 of Android, which until now were protected by ASLR, now need to worry. Previously, only exploits for Android 2.2 and 4.0 were circulating, as these versions do not have ASLR and are already outside the update schedule.
According to the researchers, they managed to create an exploit that is ready for anyone to use. In the video they released, the exploit readily infects a Nexus 5 merely by the user visiting a page that contains a video crafted for this purpose.
Researchers at NorthBit claim to have also successfully used the exploit against a Galaxy S5, LG G3 and HTC One.
Since about 36% of Android users are on version 5.0 or 5.1, the case is of utmost importance. Zuk Avraham, president of Zimperium, the team that first discovered the flaw in 2015, commented on the new exploit:
“I would be surprised if multiple hacker groups did not already have Stagefright exploits in action. At the time, we developed two exploits, but disclosed only one to protect the ecosystem.”
Zimperium had also found a way to bypass ASLR (CVE-2015-6602), but released it only after Google fixed the problem. It worked through modified MP3 and MP4 files, which the user could receive via MMS, a website, or other applications.
“NorthBit's research provides an alternative method of breaking ASLR. Enough details are provided for hacker groups to create a fully functional exploit.”
In July last year, the Android security flaw that became known as Stagefright took up a lot of space on all the specialist sites. Many called it the “worst vulnerability in Android’s history.”
After so much noise, Google and manufacturers have taken steps to correct the problem. Nexus device users had the least to worry about, since Google issues their security patches monthly and these come directly from the company rather than through operators.
Sony, ASUS, Motorola, LG and many others have taken steps to protect their customers, at least for the more recent models.
This is why the claim that 36% of Android users are unprotected is doubtful, since those who have received the patches are no longer vulnerable to Stagefright. This, however, does not greatly decrease the danger, since most users rely on operators to receive their updates.