A StageFright attack can be delivered in a video sent via MMS, through libStageFright, the library that helps Android process video files.
Many text messaging apps, including Google Hangouts, process videos automatically so that the infected video is ready for users to watch as soon as they open the message.
For this reason, the attack could take place without users realizing it.
How to use StageFright to hack an Android device
StageFright is implemented in native code (i.e., C++) rather than in a memory-safe language such as Java, because multimedia processing is time-sensitive.
This in itself can lead to memory corruption. The researchers therefore analyzed the deeper corners of this code and discovered several remote code execution vulnerabilities that attackers can exploit with various hacking techniques, including methods that do not even require the user's mobile number.
Below we will look at three popular techniques for StageFright hacking.
1. Sending the exploit as an Android application
In the first method, the attacker must know the user's mobile number to activate StageFright via MMS. Anyone who wants to attack a large number of Android phones this way must first collect a large number of phone numbers and then spend money on sending text messages to potential victims.
Alternatively, an attacker could integrate the exploit into an Android application and have it play an infected MP4 file to trigger the StageFright exploit. The video below shows this technique:
Researchers demonstrate Simple Media Player playing a malformed MP4 file.
2. Embedding the exploit in an HTML web page
The attacker simply embeds the infected MP4 file in an HTML web page and publishes the page on the Internet.
Once a visitor opens the page from their Android device, they download the malicious file. The attacker's server then transmits a custom video file to the victim's device, taking advantage of StageFright vulnerabilities to reveal more details about the device's internal state.
Using the details sent by the exploit to the hacker's server, the hacker can control the victim's smartphone.
3. Exploitation using multimedia message (MMS)
With this method, the attacker simply needs your phone number. The attacker then sends you an MMS with an infected MP4 file. While the file is being downloaded, the attacker remotely executes malicious code on your Android device, which could lead to a breach of your personal information or data loss.
How can I protect my Android device from StageFright attacks?
Google has corrected this bug in the latest version of Android. However, a large number of Android users run an older version, so it is up to their device manufacturers to protect their devices from StageFright.
As it sometimes takes manufacturers a long time to update the code, here is a list of actions that users can take to reduce their exposure to StageFright vulnerabilities.
- Disable MMS auto-retrieval: Users can find this option in the messaging settings. When it is turned off, the MP4 will not be downloaded automatically, and the user must press a button to download and play it.
- Install applications from the official Play Store: Instead of downloading apps from third-party websites, look for their official versions in the Play Store. It is also a good idea to read the user reviews of an application before installing it.
- Be careful when visiting websites: Do not click or open suspicious links on the Internet. Click-bait titles may entice you to download attachments, so it is always wise to think before you open a website or take any action.