Zimperium Blog

Stagefright: Vulnerability Details, Stagefright Detector tool released

By: Zuk Avraham
Joshua Drake

The Stagefright vulnerability has been one of the hottest topics of discussion in the security industry since it was announced. To provide detailed insight into the vulnerability and its ease of exploitation, zLabs VP of Platform Research and Exploitation, Joshua Drake (@jduck), prepared the video below that demonstrates the attack.

You can watch the Stagefright demo video on ICS here:

Zimperium launched the ‘Zimperium Handset Alliance’ (ZHA) on August 1, 2015 to share mobile security threat information to accelerate the availability of threat mitigations and updates. Over 25 of the largest global carriers and device manufacturers are already part of the Alliance. The strong interest in Zimperium Handset Alliance from mobile ecosystem partners is a clear indication of the critical need to exchange relevant threat information and update mobile devices as quickly as possible to protect customers. Zimperium is proud to drive this change.

  1. CVE-2015-1538, P0006, Google Stagefright ‘stsc’ MP4 Atom Integer Overflow Remote Code Execution
  2. CVE-2015-1538, P0004, Google Stagefright ‘ctts’ MP4 Atom Integer Overflow Remote Code Execution
  3. CVE-2015-1538, P0004, Google Stagefright ‘stts’ MP4 Atom Integer Overflow Remote Code Execution
  4. CVE-2015-1538, P0004, Google Stagefright ‘stss’ MP4 Atom Integer Overflow Remote Code Execution
  5. CVE-2015-1539, P0007, Google Stagefright ‘esds’ MP4 Atom Integer Underflow Remote Code Execution
  6. CVE-2015-3827, P0008, Google Stagefright ‘covr’ MP4 Atom Integer Underflow Remote Code Execution
  7. CVE-2015-3826, P0009, Google Stagefright 3GPP Metadata Buffer Overread
  8. CVE-2015-3828, P0010, Google Stagefright 3GPP Integer Underflow Remote Code Execution
  9. CVE-2015-3824, P0011, Google Stagefright ‘tx3g’ MP4 Atom Integer Overflow Remote Code Execution
  10. CVE-2015-3829, P0012, Google Stagefright ‘covr’ MP4 Atom Integer Overflow Remote Code Execution

POC files are attached –
https://s3.amazonaws.com/zhafiles/Zimperium-Handset-Alliance/ZHA-Crash-PoC.zip

Stagefright Patches are available here –
https://s3.amazonaws.com/zhafiles/Zimperium-Handset-Alliance/ZHA-Stagefright-Patches.zip

Samsung released an app that allows users to disable MMS on their devices. We would like to thank the KNOX group for working closely with Zimperium Handset Alliance to solve this issue on older devices. The Samsung MMS control app can be downloaded from: https://s3.amazonaws.com/zhafiles/Zimperium-Handset-Alliance/Samsung_KNOX_and_ZHA_ap_MMSCtrl.apk

We are working with carriers and device vendors to design solutions to protect users that do not currently have Zimperium zIPS on their phones.

STAGEFRIGHT DETECTOR APP

Today Zimperium launched the ‘Stagefright Detector’ app for Android users to test whether their device is vulnerable. The app is available for download on the Android store. Download link: https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector