More than a month after the discovery of multiple critical vulnerabilities in Android’s media library (libstagefright), several exploits are already on the wild, including one from Imperium that results in a reverse shell.

What follows is a python script that generates an MP4 exploiting the ‘stsc’ vulnerability otherwise known as CVE-2015-1538. [...] As detailed in Joshua Drake’s Black Hat and DEFCON presentations, this user has access to quite a few groups such as inet, audio, camera, and mediadrm. These groups allow an attacker to take pictures or listen to the microphone remotely without exploiting additional vulnerabilities.

Although this particular exploit does not work on Android 5.0 and later, other exploit developers claim to have successfully managed to bypass ASLR using an information leakage vulnerability in Stagefright.

submitted by daniel over 5 years ago, voted 23 times

Open | 0 comments

 

Labeled as “Certifi-Gate," the vulnerability is caused by insecure versions of remote administration tools installed by the manufacturers and carriers to provide remote customer service—including versions of TeamViewer, CommuniTake Remote Care, and MobileSupport by Rsupport. These carry certificates that give them complete access to the Android operating system and device hardware. The applications are commonly pre-installed on Samsung, LG, and HTC handsets.

Check Point has provided a free scanning application to allow individuals to determine if their Android device was vulnerable, and out of the 30,000 users that had opted to provide anonymous scan results, 58% of the Android devices scanned were vulnerable, with 15.84 percent actually having a vulnerable version of the remote access plug-in installed. The brand with the highest percentage of devices with the vulnerable plug-in was LG with 72%.

submitted by daniel over 5 years ago, voted 30 times

Open | 0 comments

 

Over 600 million Samsung mobile device users have been affected by a significant security risk on leading Samsung models, including the recently released Galaxy S6. The risk comes from a pre-installed keyboard that allows an attacker to remotely execute code as a privileged (system) user.

If the flaw in the keyboard is exploited, an attacker could remotely: Access sensors and resources like GPS, camera and microphone, secretly install malicious app(s) without the user knowing, tamper with how other apps work or how the phone works, eavesdrop on incoming/outgoing messages or voice calls, attempt to access sensitive personal data like pictures and text messages

This is a major vulnerability, and knowing the Android update cycle, probably 550 out of the 600 million devices will be left unpatched for a very long time...

submitted by daniel almost 6 years ago, voted 49 times

Open | 0 comments