Fully Functional Exploit for Stagefright Bug Posted for Android Devices

Zimperium a security company, during August 2015, found the Stagefright security flaw that led to the beginning of release of security updates every month starting September 2015 by Google to maintain upgraded Nexus devices.

Google tried rectifying Stagefright in September 2015, however the fix remained incomplete. This together with exploit of Stagefright 2.0 getting discovered compounded the problem that made the flaw more notorious.

The flaw an Android loophole had been accurately abused at NorthBit a software research firm in Israel, the firm's researchers claimed.

The abuse, known as Metaphor, is thoroughly explained inside a research document that NorthBit published along with displaying a film that depicted the bug getting executed on certain Nexus 5 device. Moreover according to NorthBit, a successful testing of the bug too was done on Samsung Galaxy S5, HTC One and LG G3.

Fossbytes reports that on downloading a malevolent missive, Stagefright re-configures a phone as well as makes it dispatch one unusual movie clip destined for the device even as Stagefright discloses further details regarding the handset. Dailymail.com posted this, March 21, 2016.

Thus, with the above details disclosed, a hacker may use them for compromising the device and acquiring admission into personal information while also copy data as well as utilize its camera and microphone.

NorthBit's security investigators stated they managed towards developing an exploit which could get employed against Stagefright on only versions 5.1, 5.0, 4.0 and 2.2 of Android. The exploit was created based on research by Google, NorthBit's research document stated.

Google issued one fix for Stagefright bug while gave word of routinely releasing security updates to keep check on future bugs of Android phones after Stagefright's details got published. Incidentally, written within C++, Stagefright has been found as certain software library which's built in Android's OS.

Stagefright, an accumulation of software vulnerabilities, impacts Android's OS, letting any ill-intentioned person to execute random activities on the infected iphone via executing code remotely.

NorthBit's research indicates another technique for cracking ASLR by exposing details through media-server. There are enough details in the company's research document for skilled hackers towards completing one wholly functional as also reliable exploit.

» SPAMfighter News - 3/29/2016