Stagefright Vulnerability is Back, Millions of Android Devices At Risk

The mother of all android vulnerabilities is back again. Last year, the stagefright bug had put some 950 million android phones at risk of hacking. And now millions of android devices are at risk again. A group of Israeli researchers claim that they have found a new way to exploit the vulnerability.

What is Stagefright?

“Stagefright” is the name of the media library—a portion of Android’s open source code—in which the bugs were found. It’s obviously a great bug name, too. The original stagefright vulnerability was discovered by the researchers at Zimperium. Google has since issued multiple patches and fixes to the stagefright vulnerability.

Metaphor - A (real) real­ life Stagefright exploit

The research company NorthBit, based in Israel, published a paper 'Metaphor' - that's the name of their stagefright implementation. The paper presents the research results, further details the vulnerability’s limitations and depicts a way to bypass ASLR as well as future research suggestions. They present a more thorough research of libstagefright and new techniques used to bypass ASLR.

The company also said that the exploit works best on Nexus 5 with stock ROM. It was also tested on HTC One, LG G3 and Samsung S5, however exploitation is slightly different between different vendors.

The team built a working exploit affecting Android versions 2.2 - 4.0 and 5.0 - 5.1, while bypassing ASLR on versions 5.0 - 5.1 (as Android versions 2.2 - 4.0 do not implement ASLR). They even shared the distribution of Android platform versions taken from statista, which depicted -

● 23.5% of Android devices are versions 5.0 ­ 5.1 ­ about 235,000,000 devices

● 4.0% of Android versions are versions 2.x with no ASLR ­ about 40,000,000 devices

"Looking at these numbers, it's hard to comprehend how many devices are potentially vulnerable," NorthBit wrote.


Published on Mar 18, 2016
Hardeep Singh
Written by Hardeep Singh
Outreach Manager @appknox. #ProactiveAlways towards Social Media, Startups and Tech Evangelism.


Chat With Us

Using Other Product?

Switch to Appknox

2 Weeks Free Trial!

Get Started Now