STAGEFRIGHT Attack: 5 Devastating CyberSecurity Flaws (Part#1)


Nobody wants to get hacked. victims can have their identity stolen, their private photos leaked, or their computer infected with malicious software( malware).
Hackers can even block or quietly replace the website, software and files. Whatever Hollywood thinks though, hacking doesn't magically happen when you type really fast☺☺.

The has to be some security vulnerability, some hole that lets the hackers do something they shouldn't be able to do. The most vulnerable component is usually the one sitting between the chair and the keyboard. But often there are hidden flaws in the technology itself.

In 2017 alone companies and researchers reported nearly 15,00 security vulnerabilities in tech products. I have published a few of well-known security flaws in the past, and most of the less famous once are pretty minor.
but some are even devasting vulnerabilities don't get much press.
Here are 5 most Obscure flaws from the past few years that gave security experts/pros cold sweats.

STAGEFRIGHT

Stagefright was an especially alarming type of vulnerability: remote code execution or RCE.RCE flaws let attackers run any program they please without even getting you to click on the CHEAP_VIAGRA.EXE email attachment.

Stagefright is able to get your phone to run programs with a common technique called buffer overflow, which entails stuffing more data into the program's memory than the program made room for.

In stagefright case, the buffer overflow was caused by bugs in the Andriod component that loads a type of video file called MPED.

Each chunk of a MPEG file is preceded by a number specifying how many bytes are coming up, Andriod will now reserve a buffer or memory block, as Big as the chunk said it needed. If enough memory is available, you'd get an error... unless that is the request was really large.

For a specific range around 4.3 billion, Andriod would instead reserve a ting memory buffer.
At the time, ost Andriod device stored each number in a format that used 32 once and zeros, given a range from 0 to about 4,3 billion .if you try to add 10 to the largest number a computer can handle, it just wraps around to 0 and gives back 9.

It like when an old car odometer runs out of digits and starts insisting you've driven 0 miles. With stagefright, hackers cloud trigger these wraparound and trick android into given them a small memory block .all they have to do is to craft a video file that claimed a huge upcoming chunk size followed by a bid chunk Malware.

Your Phone would reserve an undersized buffer, fill it up and then just keep going copying the malware over whatever happens to be a stored in the next block of memory.

WHAT MAKES STAGEFRIGHT SCARY


 First: there is the attack method; Andriod has a feature that would automatically preload video messages so your device cloud is compromised just via your phone number with no action on your part.

Second: Andriod's Media Players has a lot of control over your phone. On some versions, it can even install new apps or siphon off email and contacts. This means ever formal security is shattered: you lose confidentiality od the data from your camera, Bluetooth connections and etc. 

You lose the integrity of data the phone can access since it van be corrupted by malware . and you lose availability of your phone if hackers lock you out.

Google did release patches but it highlights this problem: smartphone manufactures don't always distribute update right away, so tens of millions of devices might never get the patch.


Previous Post Next Post