Stagefright – One of the most threatening Android exploits ever discovered (July 30, 2015)

A new security vulnerability in the Android OS has surfaced, leaving millions of Android devices susceptible. The security world is collectively calling it the “worst Android vulnerability” discovered to date. The research team that unearthed it has named the vulnerability Stagefright.

The potency of a vulnerability often stems from the ease with which it can break the security of a target system. Stagefright stands out on this measure, as the attack can be executed remotely and successfully without any user intervention.

Most Android devices today have Google Hangouts set as the default messaging application. The vulnerability comes from the way in which Hangouts handles messages. If Hangouts receives an MMS message containing a video, it starts the initial processing and keeps the video ready in the gallery to be viewed, along with a preview in the message notification. This is done even before the user opens the message. So if an attacker sends an MMS message containing a video and malware code, Hangouts starts processing the message but inadvertently ends up executing the bundled malicious code.

Complete details about the vulnerability have not been released yet, but according to a number of security forums, certain fields of a video's metadata can be used to trigger a buffer overflow, thereby allowing the attacker to execute malicious code on the device. The research team will make more details about this vulnerability public, along with proof-of-concept exploit code, at the BlackHat Security conference on August 5.

Google has already acknowledged the vulnerability and patched it quickly. Unfortunately, only the Nexus line of Google devices receives patches directly from Google; devices from other brands have to rely on manufacturers and carriers for software updates. Until then, it is recommended to disable the “Auto retrieve MMS” feature in messaging apps:

  • Hangouts: Select Settings and choose SMS, then uncheck “Auto retrieve MMS”
  • Messaging: Select Options from the upper-right corner to go to Settings, then uncheck “MMS auto download”
  • As a precaution, it is recommended to disable functionality similar to “Auto Retrieve” in other messaging apps as well, for example WhatsApp.

The Dell SonicWall Threats Research team will continue to monitor developments on this vulnerability and update our blogs accordingly.
