In July 2015, mobile-security firm Zimperium announced that it had discovered a high-severity vulnerability in the Android operating system. The critical flaw exists in a core component named “StageFright,” a native media playback library that Android uses to record, process and play multimedia files.
Further details were disclosed publicly at the BlackHat conference in August 2015 — but not before the news revealed billions of Android devices could potentially be compromised without users knowing. Researchers stated StageFright weaknesses are all “remote execution” bugs, enabling malicious hackers to infiltrate Android devices and exfiltrate personal data.
How Does StageFright Work?
StageFright can use videos sent through MMS as a source of attack via the libStageFright mechanism, which assists Android in processing video files. Several text messaging applications — including Google Hangouts — automatically process videos so the infected video is ready for users to watch as soon as they open the message. For this reason, the attack could take place without users even finding out.
It seems laborious, but it works within a matter of seconds: a typical StageFright attack breaks into a device within 20 seconds. And while it’s most effective on Android devices running stock firmware like Nexus 5, it’s known to function on the customized Android variants running on phones like the Samsung Galaxy S5, LG G3 and HTC One. StageFright’s popularity made it the first mobile-only threat featured on WatchGuard Threat Lab’s top-ten list of hacking attacks detected by IPS in 2017.
How to Use StageFright to Hack Android
The StageFright component is implemented in native code (i.e., C++) instead of a memory-safe language such as Java, because media processing is time-sensitive. Native code is not memory-safe, so bugs in it can result in memory corruption. Researchers therefore analyzed the deepest corners of this code and discovered several remote code execution vulnerabilities attackers can exploit with various hacking techniques, including methods that don’t even require the user’s mobile number.
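A media parser has to treat every length field in a file as untrusted. As an added illustration (not code from the original article or from libstagefright, and not a detector for any specific StageFright bug), this script walks the box structure of an MP4 file and reports length fields that contradict the data actually present; the `box` helper and the sample files are constructed for the example.

```python
import struct

# Boxes that only contain other boxes (ISO base media file format).
CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl"}
MAX_DEPTH = 16  # refuse pathological nesting instead of recursing forever

def check_boxes(data, offset=0, end=None, depth=0):
    """Return [(offset, problem)] for length fields that contradict the data."""
    end = len(data) if end is None else end
    if depth > MAX_DEPTH:
        return [(offset, "nesting too deep")]
    findings = []
    while offset < end:
        if end - offset < 8:
            findings.append((offset, "truncated box header"))
            break
        size, box_type = struct.unpack_from(">I4s", data, offset)
        header = 8
        if size == 1:  # real size is a 64-bit field after the type
            if end - offset < 16:
                findings.append((offset, "truncated 64-bit size"))
                break
            (size,) = struct.unpack_from(">Q", data, offset + 8)
            header = 16
        elif size == 0:  # "to end of file"; treated as end of the enclosing range
            size = end - offset
        if size < header:
            findings.append((offset, "size smaller than header"))
            break
        if size > end - offset:
            findings.append((offset, "size exceeds enclosing container"))
            break
        if box_type in CONTAINERS:
            findings += check_boxes(data, offset + header, offset + size, depth + 1)
        offset += size
    return findings

def box(box_type, payload=b"", declared=None):
    """Build one box; `declared` overrides the size field (constructed test data)."""
    size = 8 + len(payload) if declared is None else declared
    return struct.pack(">I4s", size, box_type) + payload

# Constructed samples: a consistent file and one whose 'trak' claims ~4 GiB.
FTYP = box(b"ftyp", b"isom\x00\x00\x00\x00")
GOOD = FTYP + box(b"moov", box(b"trak", box(b"tkhd", b"\x00" * 4)))
BAD = FTYP + box(b"moov", box(b"trak", declared=0xFFFFFFF0))

if __name__ == "__main__":
    print(check_boxes(GOOD), check_boxes(BAD))
```

An empty result only means the box lengths are self-consistent; it says nothing about the contents of individual boxes.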
Here are the three most popular StageFright hacking techniques.
1. Place Exploit in Android App
In the original hacking method (discussed later), the hacker had to know the user’s mobile number for triggering StageFright via MMS. If an adversary wants to attack a large number of Android phones with this message, he/she should first gather a large number of phone numbers and then spend money in sending out text messages to potential victims.
Alternatively, the hacker can embed the exploit in an Android app and play the infected MP4 file to trigger the StageFright exploit. Here’s a video of the concept:
Researchers demonstrate Simple Media Player playing a malformed MP4 file. The PID of the mediaserver changes, causing it to crash and restart.
2. Embed Exploit in HTML Webpage
The adversary simply embeds the infected MP4 file into an HTML web page and publishes the web page on the Internet. Once a visitor opens the page from his/her Android device, the malicious multimedia file is downloaded, resetting the internal state of the device. The attacker’s server then transmits a custom generated video file to the victim’s device, exploiting the StageFright vulnerability to reveal more details about the internal state of the device. Using the details sent by the exploit to the hacker’s server, the hacker is able to control the victim’s smartphone.
This new method also guides white hat hackers, black hat hackers and even government spying organizations on developing the StageFright exploit for themselves — here’s the PDF manual.
3. Using Multimedia Message (MMS) For Exploit
With this method, the adversary just requires your phone number. They then send you an MMS with an infected MP4 file. When the file is downloaded, the hacker remotely executes malicious code on your Android device that can result in compromise of your private information or loss of data.
And because users get a preview of any message received over the air on all the newest versions of Android OS, this means that the attached malicious file is downloaded automatically. In addition, apps like Hangouts have an auto-retrieve feature. This increases the severity of the threat as it doesn’t require users to take any action to be exploited.
Essentially, the adversary can just send the message, trigger the code and wipe the trace while the victim is sleeping (the message can be deleted even before the user sees it). The next day, the user continues using his/her affected phone without knowing about the compromise.
How Can I Protect My Android Device From StageFright Attacks?
Google has patched the bug in the latest release of Android OS. However, a large number of Android users have an older version of Android, so it is up to their devices’ manufacturers to safeguard the devices against StageFright.
Since it sometimes takes manufacturers a long time to release patches, here is a list of things users can do to reduce their exposure to the StageFright vulnerability.
- Disable MMS auto-retrieval: Users can find this option in message settings. Once disabled, MP4s won’t download automatically — they will require the user to tap a placeholder or a similar element. Therefore, there’s no risk unless the user opts to download the MMS.
- Install apps from the official Play Store: Instead of downloading apps via third-party websites, users should look for their official Play Store versions. It’s also a good idea to read app reviews before proceeding with the installation.
- Be vigilant when visiting web pages: Do not click or open suspicious links on the Internet. Click-bait titles may tempt you into downloading attachments, but it’s always smart to run a self-diagnosis of the site before taking an action. Does it look legit? Does a similar site also require you to download attachments? Answering questions like these will enable you to make an informed decision.
Android 7.0 Nougat came with a rebuilt media playback system that’s designed to protect against the StageFright family of exploits. However, several device owners are running an old Android OS with an outdated mediaserver. Hence, the above-mentioned preventive measures are more of a necessity than an option when it comes to protecting Android against StageFright.
Computer viruses have been around for decades. A computer virus is the original malicious program created at the very beginning of computer inception before the Internet was even created. These programs are the most common of malware, and they can destroy private files, operating systems, or open vulnerabilities for other malware infections.
General History of Viruses
One of the very first computer viruses was written as a prank. It was written for the Apple II computer, and it infected any floppy disk inserted after infection. On the 50th boot, the Elk Cloner virus would display a poem. It was a harmless yet effective way of self-replicating a computer program.
In the 1970s, a virus named Creeper was created and distributed over the original version of the Internet – ARPANET. The virus displayed a simple message that said “I’m a creeper, catch me if you can!” A counter program named Reaper was then created to delete the virus – a sort of “antivirus” before antivirus applications were created.
In the 1980s, virus creators became more vicious and compiled programs that destroyed and deleted files. The limitation for virus creators was that the programs had to be spread using floppy disks passed from user to user. When the Internet became popular in the 1990s, viruses had a more convenient way to spread – websites and email. The 1990s is when viruses began to spread more rapidly, and there are now over 17 million viruses since 2012.
What Does a Virus Do?
Although trojans and viruses often get lumped into the same category, they are different types of computer programs. A trojan gives a hacker access to your machine. A virus is meant to self-replicate, destroy or delete data, ruin boot sequences, or just send data to another user. With over 17 million viruses, it’s difficult to list every function of a virus. However, the main target for a computer hacker is someone with data to delete, destroy, or steal.
One main component of a computer virus is the replication factor. A virus isn’t efficient if it infects one PC and doesn’t spread to any other machines. To be effective, the virus must be able to replicate to other machines using any type of vector – diskettes, flash drives, the internet or email. This is done in numerous ways, most of which are clever ideas from virus creators. For instance, the 1990s saw several viruses that replicated through email. The virus would scan the user’s computer for contacts, and then email a copy of itself to all contacts. All it takes is for one user to open and run the malware for it to spread to dozens more users. A couple of those dozen run it again, and the virus spreads exponentially. As you can probably see, the strategy is extremely efficient.
Viruses started out corrupting boot files and deleting files, but current viruses are often used to steal data. Sensitive data makes hackers a high amount of cash on the black market. For this reason, most hackers go for data theft instead of just deleting important files.
Virus makers have even moved on to mobile devices. It wasn’t until the last few years that people did online banking from their phone, paid through apps, stored private information and shared documents using a mobile device. Most users don’t even have any type of antivirus installed on their smartphone, so it’s the perfect haven for virus creators.
What Can You Do to Avoid Viruses?
Because a majority of users had Windows a decade ago, most viruses targeted Windows users. Linux and Apple computers had very few viruses made for their operating system. Remember that virus creators must be able to replicate the virus across machines, so targeting Apple and Linux was a poor choice – there weren’t enough of these users. Today, however, the operating landscape is much different.
Times have changed and Linux and Apple computers continue to gain traction. It used to be that simply having an operating system besides Windows protected you from viruses. This isn’t the case anymore.
The first step towards avoiding viruses is only installing software you download from an official source. For instance, if you want to install Microsoft Office, you should only install it from Microsoft’s site or from a packaged suite you buy in a store. Virus writers use common programs distributed on third-party sites to help persuade users to install malware on their machines. These programs sometimes install the actual application, but then the creators add an extra malware piece to the installation process.
Some malware creators still use email. A person’s email is used to send a link to a group of contacts from the victim’s machine. The link points users to a virus file or a site where the user can download the virus. If you get a strange email from someone you know, alert the person that their email could be hacked but don’t click the link.
If you receive an email with an executable attachment, you should either scan it or avoid running it on your computer altogether.
A few common file extensions that can install viruses:
- EXE
- CMD
- VBS
- ZIP.EXE
- TXT.EXE
The last two are used to mask the actual executable. Users see the TXT extension and immediately think the file is just a text file. They double-click the file and an executable runs with the virus instead of opening a plain text document. It’s the same with the zip extension. Users think they will open a zip file, but they run a virus executable instead.
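The masking trick described above can be checked mechanically before an attachment is opened. This is an added example, not part of the original article: the executable extensions are the ones listed above, `txt` and `zip` are the decoys the article names, and the remaining decoy extensions, the function names and the sample file names are assumptions made for the illustration.

```python
# Executable extensions named in the list above.
EXECUTABLE = {"exe", "cmd", "vbs"}
# Harmless-looking decoys: txt and zip come from the article, the rest are assumptions.
DECOY = {"txt", "zip", "pdf", "doc", "jpg"}


def classify_attachment(filename):
    """Return 'masked-executable', 'executable' or 'not-flagged' for a file name."""
    # Windows ignores trailing dots and spaces in a file name, so drop them first.
    name = filename.strip().rstrip(". ").lower()
    # Tolerate stray whitespace around each dot-separated component.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return "not-flagged"
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "masked-executable"
    return "executable"


def triage(filenames):
    """Map each name that should not be opened directly to its verdict."""
    verdicts = {name: classify_attachment(name) for name in filenames}
    return {name: v for name, v in verdicts.items() if v != "not-flagged"}


# Constructed sample attachment names (not taken from any real incident).
SAMPLES = ["notes.TXT.EXE", "photos.zip.exe. ", "setup.exe", "readme.txt", "v1.2.notes.txt"]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{verdict:18} {name!r}")
```

Only the final extension decides how the file is run, which is why `notes.TXT.EXE` is flagged while `v1.2.notes.txt` is not.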
Browsers sometimes leave your system open to malware. Older browsers such as Internet Explorer 6 were often the target of hackers. IE6 was commonly known for its vulnerability where hackers could install malware on a PC just when the user browses a website. Always keep your browser up-to-date, and install security patches when they are published. Internet Explorer has gotten more secure through the years, but most experts stick with Firefox or Chrome.
The basic rule of thumb for avoiding viruses is “only install software from a vendor you trust.”
Removing Viruses from Your PC
For the most part, viruses copy themselves to system directories. They create registry entries on your computer as well. The best and safest way to remove a virus from your computer is to run a good antivirus application on your computer. If you haven’t updated definition files, update them either through the application or download them from the official antivirus manufacturer. With a full scan on your computer using the latest definition files, you can rid your computer of most viruses in the wild.