NorthBit releases source code of Stagefright Metaphor exploit for Android




The Israeli security company NorthBit has released the source code of its Stagefright Metaphor exploit. As released, it works only against the Google Nexus 5, but it can be adapted to other devices.

NorthBit CEO Gil Dabah announced the release on Twitter. The company hosts the files on GitHub. While the exploit can be used directly against, for example, Nexus 5 devices running Android 5.1, NorthBit states in its paper that adapting the exploit to other devices is just a matter of creating lookup tables for an Android ROM. Adjusting the exploit is “an exercise for the reader.” “I have not played with it myself, but porting looks simple,” states NorthBit CTO Zuk Avraham. In its research report on Metaphor, the company had already labeled the exploit “practical and feasible”. It is therefore now possible for someone to set up a malicious website that uses Metaphor and works against a wide variety of devices.

Android versions 2.2 to 4.0 and 5.0 and 5.1 are vulnerable to the Stagefright Metaphor exploit. Worldwide, that would amount to 275 million Android devices. According to figures from cybersecurity company Zimperium, more than half of the Android devices in the Netherlands are still vulnerable to the exploit, to which Google has assigned the identifier CVE-2015-3864. What is striking about Metaphor is that it even manages to defeat address space layout randomization, or ASLR, on Android 5.0 and 5.1. ASLR is intended precisely to thwart buffer overflow attacks like this one. Devices with a security patch level of October 1, 2015 or later are not at risk, Google said in a response to Ars Technica.

With Metaphor, users must be lured to a website that serves malicious MP4 files. The user does not even have to open these files; parsing by the browser is enough. If the user stays on the website long enough, the attacker can gain full control over the device through remote code execution and privilege escalation.

The Stagefright vulnerability in Android was made public by Zimperium in July 2015. Although a hacker could exploit this vulnerability in various ways, these methods were often difficult, impractical and therefore unreliable. With Metaphor, NorthBit claims to have developed a reliable new way to exploit Stagefright.

Closing such security holes is a laborious process. While Google can develop the necessary fixes for a leak like this, it is ultimately up to the manufacturers of the many different Android smartphones to integrate those fixes and distribute them to their own devices. In many cases it takes a long time before updates eventually reach devices, or the devices never receive the updates at all because it is not profitable enough to keep updating older devices.

