Only 95% of Android click on Twitter link · Response to "Stagefright" attack begins to be taken over by simply playing movies

ByMaria Elena

On 95% of Android devicesVulnerability to takeoverAbout hijackingMMS (Multimedia Messaging Service)Trend Micro has released a movie demonstrating not only reception and opening but also "click on Twitter link" and "play video".

MMS Not the Only Attack Vector for "Stagefright"

Attack From Local App - YouTube

Conceptual demonstration that this video can use vulnerability even from the application installed on Android terminal.

Include malware with Simple Media PlayerMP4 fileI'm trying to play.

At this time, you can confirm that the process ID (PID) of the media server has changed. The fact that the PID has changed means that the player crashed and started up again.

The PID changed from "10891" to "11023" has been changed to "11081".

When chasing this state with logs ......

First we found the first crash.

We will continue reading the log ...

I also found another crash.

In this way, when trying to handle illegal MP4 files on a vulnerable media serverHeap overflowCause.

Next is a demonstration of "I clicked the link on Twitter".

Attack From Twitter - YouTube

Check your account with Twitter app.

And tap the URL in the tweet.

Illegal MP4 file on link destination.

At this time, in the background the media server crashed and restarted.

Likewise, movies are released for MMS cases as well.

Attack From MMS - YouTube

The left is the victim role, right is the attacker role. An attacker sent an MMS embedded with an illegal MP4 file.

Upon receiving this MMS, we will be vulnerable without having to open the message.

As before, the PID of the media server has changed.

Sprint will start distributing patches for Stageflight compatible versions for Nexus 5 and Nexus 6, which we deal with immediately, and we will respond to other Nexus terminals sequentially. Samsung has also issued a patch for Galaxy S5, S6, S6 Edge, Note Edge.

Sprint Announces A Ton Of Stagefright - Related OTAs For Nexus (Build LMY 48I) And Galaxy Devices

Samsung Announces an Android Security Update Process to Ensure Timely Protection from Security Vulnerabilities - Samsung Electronics Official Blog: Samsung Tomorrow | Samsung Electronics Official Blog

However, the affected terminal is a tremendous amount of 95% of the whole Android. When will patches for other terminals be provided?

· 2015/08/07 10:25 postscript
Apart from regular updates, Google announced that it will deliver security updates for Android devices about once a month. As the first step, security updates will be delivered from 5th local time on August 5th, and in this OTA update "Stagefright" vulnerability will be fixed. The devices to be updated are Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, Nexus Player.

Official Android Blog: An Update to Nexus Devices

· 2015/08/10 11:55 postscript
Motorola also includes Moto X (1st and 2nd Generation), Moto X Pro, Moto Maxx / Turbo, Moto G (1st to 3rd Generation), Moto G (1st and 2nd Generation), Moto X Releasing patches for with 4 G LTE (1st and 2nd generation), Moto E (1st and 2nd generation), Moto E with 4G LTE (2nd generation), DROID Turbo, DROID Ultra / Mini / Maxx Announced.

- StageFright MMS messaging issue

in Video, Posted by logc_nt