
New Android vulnerability triggered by processing MP3 / MP4 media

source: https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media/


Following our discovery of vulnerabilities in the Stagefright library in April, Zimperium Mobile Threat Protection, zLabs VP of Research Joshua J. Drake continued researching media processing in Android. His continued research, which focused on remote attacks against current devices, led to the discovery of yet another security issue.

Meet Stagefright 2.0, a set of two vulnerabilities that manifest when processing specially crafted MP3 audio or MP4 video files. The first vulnerability (in libutils) impacts almost every Android device since version 1.0, released in 2008. We found methods to trigger that vulnerability in devices running version 5.0 and up using the second vulnerability (in libstagefright). Google assigned CVE-2015-6602 to the vulnerability in libutils. We plan to share CVE information for the second vulnerability as soon as it is available.

What is the impact of this issue?

  • Confirmed remote code execution (RCE) impact via libstagefright on Android 5.0 and later.
  • Older devices may be impacted if the vulnerable function in libutils is used (using third party apps, vendor or carrier functionality pre-loaded to the phone).

What is the vulnerability?

Processing specially crafted MP3 or MP4 files can lead to arbitrary code execution.

How can the attack be triggered?

The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue. Since the primary attack vector of MMS has been removed in newer versions of Google’s Hangouts and Messenger apps, the likely attack vector would be via the Web browser.

  1. An attacker would try to convince an unsuspecting user to visit a URL pointing at an attacker-controlled Web site (e.g., mobile spear-phishing or malicious ad campaign).
  2. An attacker on the same network could inject the exploit using common traffic interception techniques (MITM) into unencrypted network traffic destined for the browser.
  3. Third-party apps (media players, instant messengers, etc.) that are using the vulnerable library.

---

Yes, Google will patch this fairly quickly for the hardware they have direct control of, the Nexus devices; but what about the rest?

It is very well known that Android device makers are slow, or outright not interested, in updating their handsets to patch vulnerabilities.

For example, I have a Vodafone Smart III that hasn't received a SW update, ever; it's still vulnerable to the Heartbleed OpenSSL exploit... Vodafone's response? They claim the device isn't vulnerable at all. <_<

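The quoted advisory places the bug in the processing of metadata inside the media file but does not state the root cause, so what follows is a constructed illustration of the defensive pattern for that bug class, not Android's libutils/libstagefright code and not the actual CVE-2015-6602 defect. It parses a made-up "META" tag (4-byte magic, 4-byte big-endian payload length, payload) and treats the file-supplied length as untrusted, checking it against both the bytes actually available and the destination buffer before copying. This is an added example, not from the Zimperium post or the forum; the tag layout, the `parse_tag` function and the sample inputs are all assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed, simplified tag layout (NOT the real ID3/MP4 format and NOT
 * Android's parser): 4 magic bytes "META", a 4-byte big-endian payload
 * length, then the payload. The pattern it illustrates is the one the
 * advisory points at: a length field read from the file must never be
 * trusted without checking it against what was actually read and against
 * the destination buffer. */
#define TAG_HEADER_LEN 8

enum tag_result { TAG_OK = 0, TAG_TRUNCATED = -1, TAG_BAD_MAGIC = -2, TAG_TOO_LONG = -3 };

/* Copies the payload (NUL-terminated) into out and returns TAG_OK; any
 * inconsistency in the declared length is reported instead of acted on. */
enum tag_result parse_tag(const uint8_t *buf, size_t len, char *out, size_t outsz)
{
    if (buf == NULL || out == NULL || outsz == 0)
        return TAG_TRUNCATED;
    if (len < TAG_HEADER_LEN)
        return TAG_TRUNCATED;                 /* header itself is incomplete */
    if (memcmp(buf, "META", 4) != 0)
        return TAG_BAD_MAGIC;

    /* Read the declared payload length as big-endian into a 64-bit type so
     * the comparisons below cannot wrap on a 32-bit size_t. */
    uint64_t declared = ((uint64_t)buf[4] << 24) | ((uint64_t)buf[5] << 16) |
                        ((uint64_t)buf[6] << 8)  |  (uint64_t)buf[7];

    /* Check 1: the declared length must fit inside the bytes we actually hold.
     * Subtract (len >= TAG_HEADER_LEN is already known) rather than add, so
     * the check itself cannot overflow. */
    if (declared > (uint64_t)(len - TAG_HEADER_LEN))
        return TAG_TRUNCATED;

    /* Check 2: it must also leave room for the terminator in the destination. */
    if (declared >= outsz)
        return TAG_TOO_LONG;

    memcpy(out, buf + TAG_HEADER_LEN, (size_t)declared);
    out[declared] = '\0';
    return TAG_OK;
}

/* Constructed sample inputs. */
static const uint8_t good_tag[]  = { 'M','E','T','A', 0,0,0,5, 'h','e','l','l','o' };
/* Declares 0xFFFFFFFF payload bytes but carries only 5: a lying length field. */
static const uint8_t lying_tag[] = { 'M','E','T','A', 0xFF,0xFF,0xFF,0xFF, 'h','e','l','l','o' };
/* Consistent with the file (20 bytes present) but larger than a 16-byte destination. */
static const uint8_t long_tag[]  = { 'M','E','T','A', 0,0,0,20,
    'a','a','a','a','a','a','a','a','a','a',
    'a','a','a','a','a','a','a','a','a','a' };

/* Each wrapper parses one sample into a 16-byte destination and returns the verdict. */
enum tag_result check_good(void)  { char o[16]; return parse_tag(good_tag,  sizeof good_tag,  o, sizeof o); }
enum tag_result check_lying(void) { char o[16]; return parse_tag(lying_tag, sizeof lying_tag, o, sizeof o); }
enum tag_result check_long(void)  { char o[16]; return parse_tag(long_tag,  sizeof long_tag,  o, sizeof o); }

/* 1 if the well-formed sample yields exactly "hello", 0 otherwise. */
int good_payload_is_hello(void)
{
    char o[16];
    if (parse_tag(good_tag, sizeof good_tag, o, sizeof o) != TAG_OK)
        return 0;
    return strcmp(o, "hello") == 0;
}

int main(void)
{
    printf("good:  %d (payload ok: %d)\n", check_good(), good_payload_is_hello());
    printf("lying: %d\n", check_lying());
    printf("long:  %d\n", check_long());
    return 0;
}
```

The two checks are independent: a length that exceeds the remaining input means a truncated or lying file, while a length that fits the file but not the destination is the case that becomes a heap or stack overflow if the copy is done anyway. Doing the arithmetic by subtraction on a wide type means the guard cannot itself overflow, which is the usual way such guards get bypassed.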

*looks at his Windows Phone and laughs hysterically*


This newer security vulnerability seems quite frightening...


I shouldn't be saying this, but I'm glad I went with iOS instead of an Android device...


Mp3gate! Users beware! The Gates are upon us.


I hope this gets fixed soon, but the fragmented nature of Android is a big issue for many, even if they don't realise it with their device.


Quick everyone laugh at how android is shit :D

/s
