Saturday, March 19, 2016

Android: the Stagefright flaw is resisting – ZDNet France

Stagefright resurfaced in October 2015 following discoveries by the company Zimperium, which announced it had found a new flaw exploiting mechanisms similar to those of the Stagefright attack, that is, of the eponymous library Android uses to handle multimedia files, including videos.

However, Google does not seem to be done with flaws affecting this library. The Israeli company NorthBit has published the results of its research on a new vulnerability affecting the same library, one that therefore has many similarities with the first version of the flaw detected in 2015.

That first flaw allowed an attacker to, among other things, install a potentially malicious application on the user's device simply by sending a booby-trapped MMS. No action was required from the target: merely sending the message allowed the attacker to execute code on the target device. The vulnerability has since been fixed, but NorthBit has identified a new vulnerability based on the same principles.

Metaphor, this time, requires the user to visit a malicious website that serves video content. The video does not have to be watched by the user; simply loading the file can trigger the attack. This video seeks to crash and restart Android's internal media server. Coupled with JavaScript code on the page, this first step lets the attacker retrieve information about the target's device; a second video is then served to obtain a little more information, before a third, specially crafted video carries out the actual exploitation.

NorthBit describes this attack as one example, but its paper explains several possible attack vectors for developing exploits based on this same flaw. The flaw lets the attacker execute code on the target machine through a heap overflow. What sets this exploit apart is its ability to circumvent the protections Google built into Android to limit the impact of this type of attack: Android has had address space layout randomization (ASLR) since Android 4.0, but it is bypassed by the method described by the NorthBit Security researchers.

To protect yourself, the solution appears to be to apply all the patches Google has distributed for the various flaws found around Stagefright. NorthBit also notes that this exploit alone may not be enough, depending on the target phone, since not all manufacturers grant the same security permissions to Android's internal media server. NorthBit also states that it has not yet detected any attacks using this type of exploit in the wild.
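
Since the only mitigation the article offers is "apply Google's patches", the practical check for a fleet owner is whether each device actually carries a recent enough security patch level. The script below is an added example, not code from ZDNet or NorthBit: it parses the `ro.build.version.security_patch` property (which Android exposes via `getprop`) and compares it with a minimum date. The `getprop` dump embedded here is constructed sample data so the script runs offline; in real use you would feed it the output of `adb shell getprop`. The threshold date is a placeholder assumption, not a date taken from the article.

```shell
#!/bin/sh
# Added example: check an Android device's security patch level against a
# minimum date. Not part of the ZDNet article or NorthBit's research.

# Constructed sample in the format `getprop` prints (assumption: one
# "[key]: [value]" line per property). Real input: `adb shell getprop`.
SAMPLE_GETPROP='[ro.build.version.release]: [5.1.1]
[ro.build.version.sdk]: [22]
[ro.build.version.security_patch]: [2016-02-01]'

# Extract the YYYY-MM-DD patch level from getprop-style output.
# Prints nothing when the property is absent (builds older than the
# monthly bulletins never set it).
extract_patch_level() {
    printf '%s\n' "$1" | sed -n 's/^\[ro\.build\.version\.security_patch\]: \[\(.*\)\]$/\1/p'
}

# Turn YYYY-MM-DD into YYYYMMDD so the shell can compare it numerically.
to_number() {
    printf '%s' "$1" | tr -d '-'
}

# Return 0 if patch level $1 is on or after minimum $2.
# A missing or malformed level is treated as "not patched".
patch_level_ok() {
    case $1 in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    [ "$(to_number "$1")" -ge "$(to_number "$2")" ]
}

# Wrapper: print OK or OUTDATED for a getprop dump and a minimum date.
assess_device() {
    level=$(extract_patch_level "$1")
    if patch_level_ok "$level" "$2"; then
        echo "OK"
    else
        echo "OUTDATED"
    fi
}

# Placeholder threshold (assumption): use the date of the Android security
# bulletin that carries the fix you require.
MINIMUM_PATCH_LEVEL="2016-03-01"

assess_device "$SAMPLE_GETPROP" "$MINIMUM_PATCH_LEVEL"
```

The comparison deliberately treats an absent property as outdated: a device that predates the monthly bulletin scheme cannot have the fix, and failing closed is the safer default for an inventory check.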