Stagefright: The Android Security Exploit Exposing Smartphone Users


In July 2015, the security company Zimperium announced that it had found a vulnerability in the Android operating system, leaving Android users all over the world questioning how secure their devices were. Stagefright is a potential security exploit that lives inside the Android operating system. The attack is made through the libStageFright mechanism, which helps all Android devices process video files sent via MMS. Many messaging apps process the video automatically without any scanning, which increases the risk, since an attack could happen without the user knowing that any threat exists. This could mean hundreds of thousands of attacks on Android devices, since the libStageFright mechanism dates back to Android 2.2.

Google, however, addressed the problem, saying that at least 90 percent of Android devices have ASLR (Address Space Layout Randomization) enabled, a technology that protects Android users from the issue at hand. ASLR keeps the attacker from finding the function they want to exploit by randomly arranging the memory address space of any process. There is a 100/1 chance that your phone will be infected by a Stagefright virus, so at least the odds are on your side. According to Google, anyone using Android 4.0 or above is safe from the attacks, as ASLR was added in Android 4.0 and carried into the following versions.
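The ASLR behaviour described above can be checked by comparing where each library is loaded across separate launches of the same process. The Python below is an added example, not code from Google or Zimperium; the /proc/<pid>/maps snapshots and their addresses are constructed, and libfixed_example.so is a hypothetical library included to show what a mapping that is not randomized looks like.

```python
import re

# Field layout of one /proc/<pid>/maps line:
#   start-end perms offset dev inode path
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-[0-9a-f]+\s+\S{4}\s+[0-9a-f]+\s+\S+\s+\d+\s+(/\S+)$")

# Constructed snapshots of the same process taken after two separate launches.
RUN_A = """
40000000-40010000 r-xp 00000000 b3:19 1400 /system/lib/libfixed_example.so
b6c3d000-b6d5a000 r-xp 00000000 b3:19 1201 /system/lib/libstagefright.so
b6d5a000-b6d62000 rw-p 0011d000 b3:19 1201 /system/lib/libstagefright.so
b6e91000-b6ea0000 r-xp 00000000 b3:19 1310 /system/lib/libutils.so
bea12000-bea33000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """
40000000-40010000 r-xp 00000000 b3:19 1400 /system/lib/libfixed_example.so
b5f11000-b602e000 r-xp 00000000 b3:19 1201 /system/lib/libstagefright.so
b602e000-b6036000 rw-p 0011d000 b3:19 1201 /system/lib/libstagefright.so
b60a4000-b60b3000 r-xp 00000000 b3:19 1310 /system/lib/libutils.so
be8f0000-be911000 rw-p 00000000 00:00 0 [stack]
"""

def library_bases(maps_text):
    """Return {path: lowest mapped start address} for file-backed mappings."""
    bases = {}
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # blank lines, anonymous mappings, [heap], [stack]
        start, path = int(m.group(1), 16), m.group(2)
        bases[path] = min(start, bases.get(path, start))
    return bases

def fixed_libraries(snapshots):
    """Libraries present in every snapshot whose load base never changes."""
    per_run = [library_bases(s) for s in snapshots]
    common = set(per_run[0]).intersection(*per_run[1:])
    return sorted(p for p in common if len({run[p] for run in per_run}) == 1)

if __name__ == "__main__":
    for path in fixed_libraries([RUN_A, RUN_B]):
        print("load address not randomized:", path)
```

A library reported here sits at the same address on every launch, so ASLR gives no protection for the functions it contains.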

Zimperium, however, announced that a second round of Stagefright exploits has been released. This round was not covered by the first patch Google released to counter the attacks. The only difference between the first Stagefright and the second is the attack vector. Whereas Stagefright 1.0 triggered the processing of malicious video files via MMS messages, the new issue targets Android devices through web pages that host the malicious media files. The effect of these attacks is that the attacker can run code on the user’s device via the Stagefright library.

Stagefright 2.0 involves two system components, one of them being libStageFright. The libStageFright component makes a call to libutils, the library at the centre of the exploit. That call exposes the vulnerability in the device that makes the attacks possible. In its current form, however, Stagefright 2.0 is only dangerous on Android 5.0 and higher.

Google already has plans in place to dispatch the Stagefright patches it has developed. The company also said it would update its Messenger and Hangouts apps so that they do not automatically process video files received in the background, which avoids passing the media to the media server process. There is, however, no need for panic, as there is no existing evidence that the discovered vulnerability has ever been used.