
Stagefright – All you need to know

Find out whether your device is vulnerable & Defend against Stagefright Vulnerability

Stagefright is one of the latest large-scale vulnerabilities, affecting up to a billion Android devices all over the world. Basically speaking, the Stagefright vulnerability is a flaw which allows an attacker to control your Android device by sending you an MMS message. It can arrive through your carrier's messaging service, Google Hangouts or any other service that has automatic MMS download enabled. An attacker can gain access to your device by sending you a malicious MMS: if the malicious MMS gets downloaded onto your device, the attacker gets access. You need not open the MMS at all. From there, the attacker can access your emails, Facebook, WhatsApp & many other services on your device. So first and foremost, switch off the auto-download media option right now in Messaging, Google Hangouts & any other such services you have installed on your Android device.

More Specific Details for the IT Guys.

Stagefright is actually a library that bundles support for a collective set of media formats, used for media playback in the Android OS. It was written in native C++ in order to improve media processing performance, but C++ is more prone to memory corruption & overflows. In August 2015 (i.e. the month in which this article was written), Zimperium, a company providing enterprise mobile security solutions & services, discovered a set of vulnerabilities in the Stagefright library. The R&D team of its zLabs division officially presented the vulnerability at Black Hat USA on Aug 5 & at DEF CON 23 on Aug 7. In April 2015 a zLabs security researcher named Joshua Drake discovered this vulnerability in the Stagefright library. Though he reported it to Google & they have released patches, security researchers believe that there are still 950 million Android devices that are vulnerable.

Technically Speaking

There is a set of seven remote code execution & privilege escalation vulnerabilities in the Stagefright library. In-depth technical details are not available, though they have been assigned the following CVE numbers. The type of vulnerability, the impact & the vulnerable object are listed for each, in that order.

  • CVE-2015-1538 – Integer Overflow, Remote Code Execution, MP4 Atom
  • CVE-2015-1539 – Integer Overflow, Remote Code Execution, MP4 Atom
  • CVE-2015-3824 – Integer Overflow, Remote Code Execution, MP4 Atom
  • CVE-2015-3826 – Buffer Overread, 3GPP Metadata
  • CVE-2015-3827 – Integer Overflow, Remote Code Execution, MP4 Atom
  • CVE-2015-3828 – Integer Underflow, Remote Code Execution, 3GPP
  • CVE-2015-3829 – Integer Overflow, Remote Code Execution, MP4 Atom
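Most of the entries above are integer overflows in the handling of an MP4 (ISO base media / 3GPP) atom, i.e. a box whose 4-byte big-endian size field is read from the file and then used in a bounds check. The following C snippet is an added example written for this article; it is not libstagefright code and does not reproduce any of the listed CVEs. It contrasts a bounds check that a large size field can wrap around (the generic integer-overflow pattern) with a hardened check that compares the size against the space actually remaining, and runs both over two constructed atom sequences. The function names (`next_atom_unsafe`, `next_atom_checked`, `count_atoms`) and the sample bytes are assumptions of this example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Illustrative atom (box) header layout, constructed for this example:
 * 4-byte big-endian size (which covers the header itself) + 4-byte type. */
#define ATOM_HEADER_SIZE 8u

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Weak bounds check: off + size is evaluated in 32-bit arithmetic, so a
 * size close to UINT32_MAX wraps around and the comparison passes even
 * though the atom does not fit in the buffer. */
bool next_atom_unsafe(const uint8_t *buf, uint32_t buf_len,
                      uint32_t off, uint32_t *next) {
    if (off > buf_len || buf_len - off < ATOM_HEADER_SIZE) return false;
    uint32_t size = read_be32(buf + off);
    if (off + size > buf_len) return false;   /* can wrap to a small value */
    *next = off + size;
    return true;
}

/* Hardened check: never add an untrusted value before comparing it.
 * Compare the size against what is actually left, and reject sizes
 * smaller than the header so the walk cannot stall or move backwards.
 * (A full parser also handles size 0 = "extends to end of file" and
 * size 1 = "64-bit largesize follows"; both are simply rejected here.) */
bool next_atom_checked(const uint8_t *buf, uint32_t buf_len,
                       uint32_t off, uint32_t *next) {
    if (off > buf_len || buf_len - off < ATOM_HEADER_SIZE) return false;
    uint32_t size = read_be32(buf + off);
    if (size < ATOM_HEADER_SIZE) return false;
    if (size > buf_len - off) return false;   /* no addition, no overflow */
    *next = off + size;
    return true;
}

/* Walk a buffer atom by atom using the hardened check.
 * Returns the number of atoms, or -1 if the data is malformed/truncated. */
int count_atoms(const uint8_t *buf, uint32_t buf_len) {
    uint32_t off = 0;
    int n = 0;
    while (off < buf_len) {
        uint32_t next;
        if (!next_atom_checked(buf, buf_len, off, &next)) return -1;
        off = next;
        n++;
    }
    return n;
}

/* Constructed sample: an 8-byte 'ftyp' atom followed by a 16-byte 'moov'. */
const uint8_t SAMPLE_VALID[24] = {
    0x00, 0x00, 0x00, 0x08, 'f', 't', 'y', 'p',
    0x00, 0x00, 0x00, 0x10, 'm', 'o', 'o', 'v',
    0, 0, 0, 0, 0, 0, 0, 0
};

/* Constructed sample: the second atom claims size 0xFFFFFFF8. At offset 8,
 * 8 + 0xFFFFFFF8 wraps to 0 in 32-bit arithmetic, so the weak check
 * believes the atom fits while the hardened check rejects it. */
const uint8_t SAMPLE_WRAP[16] = {
    0x00, 0x00, 0x00, 0x08, 'f', 't', 'y', 'p',
    0xFF, 0xFF, 0xFF, 0xF8, 'm', 'o', 'o', 'v'
};

bool weak_accepts_wrap(void) {
    uint32_t next;
    return next_atom_unsafe(SAMPLE_WRAP, sizeof SAMPLE_WRAP, 8, &next);
}

bool hardened_accepts_wrap(void) {
    uint32_t next;
    return next_atom_checked(SAMPLE_WRAP, sizeof SAMPLE_WRAP, 8, &next);
}

int main(void) {
    printf("valid sample: %d atoms\n",
           count_atoms(SAMPLE_VALID, sizeof SAMPLE_VALID));
    printf("weak check accepts wrapped size: %s\n",
           weak_accepts_wrap() ? "yes" : "no");
    printf("hardened check accepts wrapped size: %s\n",
           hardened_accepts_wrap() ? "yes" : "no");
    printf("truncated sample: %d\n", count_atoms(SAMPLE_VALID, 20));
    return 0;
}
```

The design point is the one every length-prefixed parser needs: subtract the trusted quantity (the bytes remaining) from the untrusted one (the declared size) only in the direction that cannot wrap, and reject degenerate sizes so a malformed file fails closed instead of feeding an oversized length to a later copy.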

See this video for a proof of concept.

For the common users & kids

This is nothing major; there is no need to turn off your smartphone or to raise your blood pressure. This is simply a bad MMS/media message which arrives in your messaging app, Google Hangouts or similar apps. What you need to do is just turn OFF automatic media download & make sure not to open any MMS or even text messages you receive from unknown senders. Also remember to update the apps on your phone & install new Android updates as soon as you see them. If you are still afraid, turn off Wi-Fi and mobile data; then nobody dares to touch your device. (:P)

How to detect whether your device is Affected

There are some apps in the Play Store that have been released to detect this vulnerability. You can install them directly on your device & check for yourself from within the device itself. Here I describe 2 apps which can be helpful. They are given below:

  1. Stagefright Detector – Lookout Mobile Security
  2. Stagefright Detector – Zimperium INC.

Stagefright Detector – Lookout Mobile Security

Lookout Security

This one is intended more for normal users who don't want the techie details. The app simply detects whether your device has the vulnerability & shows a result summary. Finding this app is simple: it will usually be the 2nd result when you search for "Stagefright Detector" in the Play Store. However, here is the link:

Stagefright Detector – Lookout Mobile Security

Install it as you would install a normal app. After installation, just open the app & it starts detection. Once detection is finished, it displays the result. It also includes some interesting links.

This is as simple as unlocking your phone. Try it.

Here are some Screenshots.

Stagefright Detector – Zimperium INC.

Zimperium

This is the app from the official security research firm that discovered this vulnerability. In addition to detecting whether your device is vulnerable or not, it tells you exactly which variant your device is vulnerable to, giving more detailed output as red & green CVE numbers.

e.g.: If your device has the 2015-3824 vulnerability, that entry turns red. Those which are not present turn green.

Finding & installing the app is simple. This app will be the first one to pop up when you search for "stagefright detector" in the Play Store. Following is the link to the app:

Stagefright Detector – Zimperium INC.

After installation, open the app & tap the "Begin Analysis" button to start analysing your device. After successful detection, the app displays the result in the manner described above.

Here are the screenshots:

How to defend against it?

1. Update Android

The best solution is to update Android when the update arrives. Officially, Google has released Android 5.1.1_r9 which patches this issue. It has been made available for Nexus, HTC & Samsung devices as of now (August 2015). Patches for more devices are expected to arrive soon.

2. Disable Auto Downloads

In fact the first & foremost thing to do is to block all text & MMS messages from unknown sources. Attackers can use these MMSs like a phishing link to gain access into your Android device. So here is a list of tasks to do:

Turn OFF auto-retrieve for multimedia messages.

On your Android device, go to Messaging > Settings > Auto-retrieve & uncheck the option.

Do the same for Hangouts also.

Disabling Auto-retrieve

Conclusion

After the Heartbleed vulnerability, the most widespread vulnerability affecting a large range of devices is the Stagefright vulnerability. There are system-level & human-level patches for this flaw. In my opinion, the human-level patch & defence is the more necessary one, as a lot of end-user devices are affected. Creating basic awareness of what this flaw is & how to defend against it is critical for all Android device users equally. Helping someone protect their privacy is more like social work than just telling them that their device is vulnerable. So do it by any means you can.

Of course, if you think this article will help in any way, sharing it will help somebody protect themselves. So what are you waiting for? Please like us, follow us, subscribe & give feedback.

Ravi Sankar
