STAGEFRIGHT Attack: 5 Devastating Security Flaws (Part#1)

11 46
Avatar for Secure
Written by
4 years ago

Nobody wants to get hacked. victims can have their identity stolen, their private photos leaked, or their computer infected with malicious software( malware).

Hackers can even block or quietly replace the website, software and files. Whatever Hollywood thinks though, hacking doesn't magically happen when you type really fast☺☺.

The has to be some security vulnerability, some hole that lets the hackers do something they shouldn't be able to do. The most vulnerable component is usually the one sitting between the chair and the keyboard. But often there are hidden flaws in the technology itself.

In 2017 alone companies and researchers reported nearly 15,00 security vulnerabilities in tech products. I have published a few of well-known security flaws in the past, and most of the less famous once are pretty minor.

but some are even devasting vulnerabilities don't get much press.

Here are 5 most Obscure flaws from the past few years that gave security experts/pros cold sweats.

STAGEFRIGHT

Stagefright was an especially alarming type of vulnerability: remote code execution or RCE.RCE flaws let attackers run any program they please without even getting you to click on the CHEAP_VIAGRA.EXE email attachment.

Stagefright was able to get your phone to run programs with a common technique called buffer overflow, which entails stuffing more data into the program's memory than the program made room for.

In stagefright case, the buffer overflow was caused by bugs in the Andriod component that loads a type of video file called MPED.

Each chunk of a MPEG file is preceded by a number specifying how many bytes are coming up, Andriod will now reserve a buffer or memory block, as Big as the chunk said it needed. If enough memory is available, you'd get an error... unless that is the request was really large.

For a specific range around 4.3 billion, Andriod would instead reserve a ting memory buffer.

At the time, ost Andriod device stored each number in a format that used 32 once and zeros, given a range from 0 to about 4,3 billion .if you try to add 10 to the largest number a computer can handle, it just wraps around to 0 and gives back 9.

It like when an old car odometer runs out of digits and starts insisting you've driven 0 miles. With stagefright, hackers cloud trigger these wraparound and trick android into given them a small memory block .all they have to do is to craft a video file that claimed a huge upcoming chunk size followed by a bid chunk Malware.

Your Phone would reserve an undersized buffer, fill it up and then just keep going copying the malware over whatever happens to be a stored in the next block of memory.

WHAT MAKES STAGEFRIGHT SCARY

 First: there is the attack method; Andriod has a feature that would automatically preload video messages so your device cloud is compromised just via your phone number with no action on your part.

Second: Andriod's Media Players has a lot of control over your phone. On some versions, it can even install new apps or siphon off email and contacts. This means ever formal security is shattered: you lose confidentiality od the data from your camera, Bluetooth connections and etc. 

You lose the integrity of data the phone can access since it van be corrupted by malware . and you lose availability of your phone if hackers lock you out.

Google did release patches but it highlights this problem: smartphone manufactures don't always distribute update right away, so tens of millions of devices might never get the patch.



15
$ 1.18
$ 1.18 from @TheRandomRewarder
Sponsors of Secure
empty
empty
empty
Avatar for Secure
Written by
4 years ago

Comments

good article.

$ 0.00
4 years ago

Thanks for reading 📖🙏💕

$ 0.00
4 years ago

Waah its really scary. I feel like I'm having trust issues now. Woahh 😭

$ 0.00
4 years ago

This attack is even worse than zero-click vulnerability found in apple mail app

$ 0.00
4 years ago

This is what I never want to experience as a netizen.

$ 0.00
User's avatar Jim
4 years ago

I dont want to experience this😢

$ 0.00
4 years ago

Wow now that's pretty scary, I hadn't even heard of Stage fright to this day. Now this article really got to me and now I'm wondering if I'm really secure lol. Thanks for sharing my friend, it was a beautiful read

$ 0.01
4 years ago

OMG!! Very insightful but scary

$ 0.01
4 years ago

Very nice article i appreciate it

$ 0.00
4 years ago

Nice article...

$ 0.00
4 years ago

Haven't heard of it before, seems nice but kinda creepy o, have you used it before 😶

$ 0.00
4 years ago