A few updates to the Android StageFright vulnerability:
First, Google has promised a patch release for the issue this week, but where is it? Second, Samsung has been said to have released a patch for their applicable devices.
While blocking SMS/MMS messages from unknown sources is a great start, you should also disable automatic download of these messages. However, this will not fully protect you. Viewing a webpage with a specially-crafted malicious video can exploit the vulnerability as well. This really makes this issue a tricky one. How many users can really say they are able to identify a "sketchy" link or site with a high level of certainty? Not to mention, watering hole attacks and malvertising can throw that precautionary step right out the window.
Over at StackExchange, this post discusses a proof-of-concept mp4 video file that appears to exploit an overflow condition in one of the StageFright components. I cannot personally vouch for the file, but I did perform a brief analysis of it in a hex editor. It appears to define a field named 'tx3g' that is very long, possibly causing the overflow condition. Details will be released over the next day or two by Joshua Drake aka JDuck, so expect more concrete PoC information to surface by week's end.
Update: Below are links to the patches provided to Google for the issues. All of these are integer overflow or underflow issues.
https://android.googlesource.com/platform/frameworks/av/+/0e4e5a8%5E!/
https://android.googlesource.com/platform/frameworks/av/+/5c134e6%5E!/
https://android.googlesource.com/platform/frameworks/av/+/030d8d0%5E!/
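To illustrate the bug class these patches address (declared lengths from an untrusted MP4 box driving allocation and copy sizes), here is an added example written for this post, not the AOSP code or the actual fix: a minimal MP4 box walker that collects 'tx3g' payloads with the size checks a safe parser needs. The box layout, the 'tx3g' handling and the sample byte strings are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Read a 32-bit big-endian field (box size or type). */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Add two lengths only if the sum cannot wrap around; returns 0 on overflow.
 * This is the guard an accumulating parser needs before it allocates. */
int checked_add_size(size_t a, size_t b, size_t *out) {
    if (b > SIZE_MAX - a) return 0;
    *out = a + b; return 1;
}

/* Walk the top-level boxes of an MP4-style buffer and append every 'tx3g'
 * payload into one heap buffer, as a text-track parser would. Returns the
 * accumulated length, or -1 if a box size is malformed or the total would
 * overflow. On success *out is malloc'd memory owned by the caller. */
long collect_tx3g(const uint8_t *buf, size_t len, uint8_t **out) {
    size_t off = 0, total = 0, new_total;
    uint8_t *acc = NULL, *grown; *out = NULL;
    while (off + 8 <= len) {
        uint32_t size = be32(buf + off);
        /* A box must cover its own 8-byte header and end inside the file. */
        if (size < 8 || size > len - off) { free(acc); return -1; }
        if (memcmp(buf + off + 4, "tx3g", 4) == 0) {
            size_t payload = size - 8;
            if (!checked_add_size(total, payload, &new_total) ||
                !(grown = realloc(acc, new_total + 1))) { free(acc); return -1; }
            acc = grown;
            memcpy(acc + total, buf + off + 8, payload);
            total = new_total;
        }
        off += size;
    }
    *out = acc;
    return (long)total;
}

/* Constructed samples (not PoC data): a well-formed file with two small tx3g
 * boxes, and one whose second tx3g declares a size far past the buffer end. */
static const uint8_t SAMPLE_OK[] = {
    0,0,0,16,'f','t','y','p','i','s','o','m',0,0,0,0,
    0,0,0,12,'t','x','3','g','a','b','c','d',
    0,0,0,11,'t','x','3','g','x','y','z' };
static const uint8_t SAMPLE_BAD[] = {
    0,0,0,12,'t','x','3','g','a','b','c','d',
    0x7f,0xff,0xff,0xff,'t','x','3','g','x','y','z','w' };
```

The oversized box is rejected before any allocation or copy happens, which is the difference between a malformed-file error and a memory corruption.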
Tuesday, August 4, 2015
Monday, July 27, 2015
StageFright: Critical Android MMS bug affects an estimated 95% of Android Devices
A flaw has been discovered affecting Android devices that allows an attacker to execute arbitrary code via a MMS message without user interaction. What does this mean? Someone, anyone, can send you a malicious MMS (SMS aka "text" message with multimedia attachment) that, upon receipt, will execute on your phone without you doing a single thing. Here is a more detailed read by the folks who discovered it: http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/. It will likely be referred to as "StageFright", as this is the back-end component that is affected. There were a total of 7 issues discovered, covered by the following CVEs:
Mitre: CVE-2015-1538
Mitre: CVE-2015-1539
Mitre: CVE-2015-3824
Mitre: CVE-2015-3826
Mitre: CVE-2015-3827
Mitre: CVE-2015-3828
Mitre: CVE-2015-3829
How can I protect myself?
While a vendor patch is the only way to be fully protected, disabling auto receipt of MMS messages is one way to prevent the automatic execution of arbitrary code for this issue. I haven't seen this being talked about much yet, so spread the word!
In Hangouts:
Menu -> Settings -> SMS -> Auto retrieve MMS - uncheck this
In Messenger:
Menu -> Settings -> Advanced -> Auto-retrieve - turn this to 'off'
The bug finder, Joshua J. Drake (aka jduck), will be speaking at BlackHat 2015 about this issue in early August. Hopefully, patches will be delivered before then. At the very least, we all have a jump on this issue before it gets too ugly. Certainly, with the large number of devices affected and severity of the issue, it won't be long before exploit attempts will be observed in the wild. Be aware.