In this article, We will be talking about the most famous vulnerability in Android world which is Stagefright. Let’s start with “What is Stagefright?”
Stagefright is a library that exist in Android systems and supports multimedia formats. Android Architecture is in modular form that means every process in android runs separately corresponding to its library.So the Stagefright which is “libstagefright” , executes inside the Media Server. Moreover, Media Server runs as a Privileged process and hence have control over to some of the system processes. Now, Since it runs as system process and privileged one, a malicious user can Monitor your activities, opens up camera, record sound etc., once your android phone is exploited. “libstagefright” have the bug which is termed as Stagefright.
This Vulnerability was found by Zimperium Mobile Security company,Researcher Joshua J Drake .A.K.A. Jduck explained this attack. Further knowledge on this topic can be found on this link.
Everyone have android phones nowadays and the worst part of all this is, this vulnerability is still haven’t been patched. This vulnerability was first encountered in 2008 with the very first release of android version 1.0 which was found in “libutils”.
Lets take a look at “how it works?”
Stagefright library support multimedia playbacks. It unpacks the multimedia for us to watch and extracts metadata from gallery. It is one of the important and big library in android systems. Now since it runs in privileged mode, if an attacker sends a malicious mp3/mp4 file to you, the media server would get crashed exposing you to attacker. The worst thing is that it can be triggered with metas too.
This vulnerability doesn’t work on all android system. In some android system Media Server crashes,Some times create heap memory corruptions,buffer overflows etc. Actually this is not just one vulnerability, It is a collection of bugs found in different android versions or systems.Since this vulnerability was only tested in Google Nexus phone, there is not a foolproof way to answer every phone have the same vulnerability. Here a list of CVE that is available and every phone have a different vulnerability state.
- CVE-2015-1538
- CVE-2015-1539
- CVE-2015-3827
- CVE-2015-3826
- CVE-2015-3828
- CVE-2015-3824
- CVE-2015-3829
- CVE-2015-6602
- CVE-2015-3864
- CVE-2015-3876
Detect the CVE your Android is vulnerable to through this application: https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector&hl=en
How to craft malicious mp4/mp3 files to exploit Stagefright or test it on your phone?
This would be the only thing you might be here for. Exploit-DB provides two written python codes for exploiting CVE: 2015-3864 and CVE: 2015-1538. You can check those out for testing purpose, but there’s no guarantee that they will work perfectly fine on you device because they are tested on a particular device.(Let’s skip it till next tutorial. If you know what I mean!).
How Attackers could attack you with Stagefright maliciously crafted mp4?
There are many ways to do that. It all depends on how wide you think. There are more than 10 ways to do that, Here are a few ways:
- MMS (You can patch it by disabling the auto processing of MMS)
- Emails
- Chat groups where you can send multimedia.
- Bluetooth
- Browser downloads
- HTML video <embed>
- Misc -Gallery
- Physical – SD card , USB OTG drives etc.
Stay Anonymous 🙂
Ciao!