The last chapter in the history of the Stagefright write NorthBit researchers, presenting the results of a study - available here in PDF format - which highlights a new vulnerability Stagefright exploited with the exploit called Metaphor. On this occasion, the number of potentially exposed to the risk terminals is considerable: it refers to 275 million smartphones equipped with the Android operating system, 2.2 and 4.0 versions, 5.0 and 5.1.
Particularly vulnerable to the attack turned out to be the Nexus 5 comes with the stock ROM, but the security hole has also been established with other well-known smartphones like the HTC One, LG G3 and Samsung Galaxy S5. There is to say that, while potentially capable of hitting a very extensive range of devices, the risk intensity is not so 'high for the dynamics that make it possible to complete the attack.
As documented in the Norbit video demonstrating the Methaphor operation, inalizzare the attack and actually have the ability to remotely execute code, it requires a certain "collaboration" (involuntary) by the victim. The attack technique part by sending an email with a link to the malicious website containing media that the user could choose to play.
To take control of the remote terminal, the user must remain at the site for a fairly long time (just the permanence, is not called for the implementation of the content, eg. A video). Click on the link and prolonged stay in the website are two conditions that could not be met in any case (not enough open the link or move away quickly from site to not run into risks).
The threat, in any case, remains worthy of attention. In 2015 the "case Stagefright" helped define the security policy updates of the Android operating system that Google, after the media echo of the story, chose to release a monthly basis. It is therefore not impossible that the new vulnerability of Stagefright will be corrected with the next round of updates intended for Android terminals.
No comments:
Post a Comment