Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

General Discussion

steve2470

(37,457 posts) Fri Mar 18, 2016, 07:00 PM Mar 2016

'Millions' of Android phones vulnerable to new Stagefright exploit

(changed title to make it clearer)

http://www.theregister.co.uk/2016/03/17/stagefright_aslr_bypass/

A group of Israeli researchers reckon they've cracked the challenge of crafting a reliable exploit for the Stagefright vulnerability that emerged in Android last year.

In a paper [PDF] that's a cookbook on how to build the exploit for yourself, they suggest millions of unpatched Android devices are vulnerable to their design, which bypasses Android's security defenses. Visiting a hacker's webpage is enough to trigger a system compromise, we're told.

Since no hot piece of infosec action exists without a name these days, the paper, written by Hanan Be’er of North-Bit, dubs the implementation of the Stagefright exploit “Metaphor.”

Stagefright is the name of a software library used by Android to parse videos and other media; it can be exploited by a booby-trapped message or webpage to execute malicious code on vulnerable devices.

on edit: The good news is further down in the article. Google has released a patch for it.

Reply to this discussion