BotNetzProvider.de: A security blog about honeypots, bots and Bitcoin

28 Jul 2015, 3 comments

„Stagefright“ possible remote code execution – disable MMS how-to


Security researcher Joshua Drake from Zimperium zLabs announced what he called "the worst Android vulnerabilities discovered to date[...]"

Who can be infected?
Nearly all Android phones, ranging from Android version 2.2 to 5.1.1.
Unfortunately, the bugs found by Zimperium allow shellcode – executable instructions disguised as harmless multimedia data – to take control of your device as soon as the content of a malicious message is downloaded.

According to Zimperium's blog, this bug can affect around 950,000,000 devices worldwide.

MMS

The infection spreads mostly via MMS, with Hangouts as the MMS/SMS handler.
It is not confirmed, but possibly only Android versions < 4.1 are vulnerable to this MMS attack. Even so, disabling MMS is recommended until full disclosure.

Is there a fix for this vulnerability?
Not yet. Google has released some fixes and will fix the issue after Joshua's full disclosure on August 5 at Black Hat.

CyanogenMod has fixed the issue: the following CVEs have been patched in CM12.0

How can I disable MMS functionality?
The following step-by-step instructions show how to disable MMS functionality:
(Please back up the IP addresses in case you want to enable MMS again later.)

Video (German + ENG subtitles)

Step-by-Step

(Screenshots droidAtScreen-1 to droidAtScreen-7)

1. Make a backup of the IP addresses or URLs.
2. Change all URLs / IP addresses to 127.0.0.1. This disables your MMS functionality.
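
The two steps above, modelled on an APN list as an added example (not part of the original post, which performs them by hand in the phone's settings). It assumes the APN entries are available in the AOSP `apns-conf.xml` attribute layout and that the values to change are the `mmsc` and `mmsproxy` fields; the sample entries are constructed.

```python
import xml.etree.ElementTree as ET

LOOPBACK = "127.0.0.1"
# Assumption: the "URL / IP addresses" of step 2 are the APN's MMSC URL and MMS proxy.
MMS_FIELDS = ("mmsc", "mmsproxy")

# Constructed sample in the AOSP apns-conf.xml attribute layout (no real carrier).
SAMPLE_APNS = """<apns version="8">
  <apn carrier="Example MMS" mcc="001" mnc="01" apn="mms.example" type="mms"
       mmsc="http://mms.example.invalid/mms" mmsproxy="192.0.2.10" mmsport="8080"/>
  <apn carrier="Example Web" mcc="001" mnc="01" apn="web.example" type="default"/>
</apns>"""


def _key(apn):
    # Identify an APN entry by carrier name, network code and APN name.
    return (apn.get("carrier"), apn.get("mcc"), apn.get("mnc"), apn.get("apn"))


def mms_endpoints(xml_text):
    """Return {apn key: {field: value}} for every APN that has an MMS endpoint."""
    found = {}
    for apn in ET.fromstring(xml_text).iter("apn"):
        values = {f: apn.get(f) for f in MMS_FIELDS if apn.get(f)}
        if values:
            found[_key(apn)] = values
    return found


def disable_mms(xml_text):
    """Step 1: back up each MMS URL/IP. Step 2: set it to 127.0.0.1."""
    root = ET.fromstring(xml_text)
    backup = {}
    for apn in root.iter("apn"):
        for field in MMS_FIELDS:
            value = apn.get(field)
            # Skip empty fields and ones already disabled, so a second run
            # never overwrites the backup with 127.0.0.1.
            if value and value != LOOPBACK:
                backup.setdefault(_key(apn), {})[field] = value
                apn.set(field, LOOPBACK)
    return ET.tostring(root, encoding="unicode"), backup


def restore_mms(xml_text, backup):
    """Re-enable MMS by writing the backed-up values into their APN entries."""
    root = ET.fromstring(xml_text)
    for apn in root.iter("apn"):
        for field, value in backup.get(_key(apn), {}).items():
            apn.set(field, value)
    return ET.tostring(root, encoding="unicode")
```

Keep the returned backup somewhere off the device; running `disable_mms` a second time returns an empty backup because every MMS field is already 127.0.0.1.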

(Screenshots droidAtScreen-8 to droidAtScreen-12)

It would be great if someone could send me some pictures of an English version of this step-by-step process.

Filed under: English, Exploits, news, Sicherheit
Comments (3)
  1. YouTube did delete the previous video due to some „bad“ keywords in the description e.g. „Hack“.
    We did complain on youtube-forum: https://productforums.google.com/forum/#!topic/youtube-de/0cFAM1HM0_U;context-place=forum/youtube-de but until clarification we uploaded a new video with „clean“ Keywords.

  2. After some time contacting Youtube the original Video is back online.

  3. UPDATE:
    Based on the latest article from TrendMicro http://blog.trendmicro.com/trendlabs-security-intelligence/mms-not-the-only-attack-vector-for-stagefright/ it is also possible to send MP4 videos to infect Android devices.

