Stagefright 2 : Another Android vulnerability in Mediaserver allows hackers to install malware through multimedia message
Stagefright vulnerability in Google’s Android operating system has been in headlines recently due to the fact that a large number of (1 billion+) smartphones are vulnerable to this attack. Since Zimperium discovered the the 6 Stagefright vulnerabilities related to Mediaserver in Android devices, Trend Microlabs has found another vulnerability called Silent Attack which can render Android smartphones to go silent or in a reboot loop after a hacker sends a specially crafted multimedia text.
Google has tried to patch the Stagefright vulnerability but it seems that the halfcooked patch had vulnerabilities of its own and we would have to wait till September 2015 for a full fledged Stagefright patch to be released.
In the meantime, TrendMicro Labs has discovered another vulnerability in the Android mediaserver which lets hackers install a malware by sending a specially crafted multimedia text message. As with other Stagefright vulnerabilities, this vulnerability affects almost all Android smartphones starting from Android 2.3 Gingerbread to 5.1.1 Lollipop version.
The vulnerability which is a extension of Stagefright has been found to be critical and has been accorded CVE-2015-3842.
How it works
Trend says that this vulnerability involves AudioEffect, a component of the mediaserver program. It uses an unchecked variable which comes from the client, which is usually an app. For an attack to begin, attackers convince the victim to install an app that doesn’t require any required permissions, giving them a false sense of security.
The Trend Micro Labs researchers tested the PoC using Google Nexus 6 running on Android 5.1.1 Build LMY47Z. Below is a portion of the PoC’s Java language source code.
In the PoC, when the app is running, the mediaserver component will crash at a random function. If the mediaserver component doesn’t crash, the POC app can be closed and run again.
The hackers can control on how they want to attack the target smartphone. The malicious can decide when to start the attack and when to cease it. An attacker would be able to run their malicious app with the same permissions that mediaserver already has as part of its normal routines. Since the mediaserver component deals with a lot of media-related tasks including taking pictures, reading MP4 files, and recording videos, the privacy of the victim may be at risk. Devices with customized versions of Android but with no modification made to the mediaserver component are also affected.
Trend Micro Labs has stated that it has informed Google of this vulnerability and Google has issued a patch for it via the Android Open Source Project (AOSP). Trend has also stated that it has not yet noticed the vulnerability being exploited in the wild.
But as is the case with all Android vulnerabilities, a large number of versions in circulation means that the patch does not percolate to the end user rendering them vulnerable to this and other vulnerabilities. Since this and other Stagefright vulnerabilities affect around a billion+ Android smartphones in circulation, it may not be long before some cyber criminal exploits it to gain access to the victims smartphone.