News: 'Metaphor' Exploit Threatens Millions of Android DevicesHere's How to Stay Safe
The Stagefright exploit, which allowed for malicious code to be embedded in files on your device, is now very real in the form of Metaphor. Developed by software research company NorthBit, Metaphor is their implementation of exploits to the Stagefright library, and when executed, can access and control data on your device.
What Metaphor DoesAndroid devices running 2.2 to 4.0 as well as 5.0/5.1 are potentially vulnerable. While testing Metaphor, NorthBit found that the exploit works on the Nexus 5, HTC One, LG G3, and Samsung Galaxy S5. There's no reason to believe it won't work on other phones as well. According to NorthBit, it was easiest to hack Google's Nexus 5, which they were able to exploit in 15 seconds.
Stagefright's vulnerability is exploited by a malicious media file placed on a seemingly safe website. When you visit the site, the file crashes Android's media library and, when it restarts, JavaScript on the page begins sending your device's information back to the attacker's server.When the server receives that data, a custom video file is generated and injected into the webpage. The video fully exploits Stagefright's vulnerability and allows the server to send malware to your phone in the form of another video file.It can take anywhere from 15 seconds to a couple minutes for all of this to happen. Attackers need you to remain on the site for a little while, which makes this attack more insidious, as you can be tricked into thinking the site is safe. I think we can all admit we've scrolled through pages upon pages of cat pictures for more than 15 seconds at a time.More detailed information can be found in NorthBit's report.
How to Stay SafeHackers have either already found this vulnerability or may now exploit it due to NorthBit's research, so you do need to make sure your device is protected.Personal responsibility is key when it comes to avoiding a Metaphor attack. The only way your device can become infected is if you click on a bad link, and you can often avoid making that mistake just by seeing where the link came from. When on a webpage or in an email, long-press on any hyperlink to view its URL. If a URL looks suspicious for any reason, avoid it.Google should release a patch to address Metaphor shortly, but it could be a while before some devices receive it if they're tied to a carrier's update policy. Nexus devices will receive a patch directly from Google, either as a one-off fix or as part of a monthly security update.
Cover image via Shutterstock
Metaphor-Stagefright exploit bypasses ASLR, an anti-exploitation defense known as Address Space Layout Randomization that puts newly downloaded code into random memory regions, which makes it very hard for the hackers to execute their malicious code. It was introduced in Android versions starting with Android 4.1, but Metaphor bypasses that, too.
Chrysaor Malware Found on Android Devices—Here's What You
News : 'Metaphor' Exploit Threatens Millions of Android Devices—Here's How to Stay Safe The Stagefright exploit, which allowed for malicious code to be embedded in files on your device, is now very real in the form of Metaphor.
Every Mac Is Vulnerable to the Shellshock Bash Exploit: Here
Heartbleed, move over. There's a new bug in town, and this time it's also affecting Mac and Linux computers. It's called Shellshock (its original official title is CVE-2014-6271), and it's currently got a 10 out of 10 severity rating over at the National Cyber Awareness System.
The New Stagefright Exploit called METAPHOR and it is created by ISRAEL security researchers. The researchers have also provided a proof-of-concept video demonstration that shows how they successfully hacked an Android Nexus 5, samsung galaxy S5, LG G3 & HTC ONE device using their Metaphor exploit in just 10 seconds.
New Exploit to 'Hack Android Phones Remotely' threatens
The team's exploit works on Android versions 2.2 to 4.0 and 5.0 to 5.1 while bypassing ASLR on Android versions 5.0 to 5.1, as version 2.2 to version 4.0 do not implement ASLR. Other Android versions are not affected by the new Stagefright exploit.
Android Exploit « Wonder How To
How to Stay Safe. Hackers have either already found this vulnerability or may now exploit it due to NorthBit's research, so you do need to make sure your device is protected. Personal responsibility is key when it comes to avoiding a Metaphor attack.
Seth Fitzgerald's Profile « Wonder How To
News: 'Metaphor' Exploit Threatens Millions of Android Devices—Here's How to Stay Safe How To: Set the Volume Buttons to Instantly Control the Flashlight on Your HTC One News: Samsung Galaxy S7 & S7 Edge Receive December Security Patch & Update on AT&T
The New Stagefright Exploit Called METAPHOR on Android
'Metaphor' Exploit Threatens Millions of Android Devices—Here
News: 'Metaphor' Exploit Threatens Millions of Android Devices—Here's How to Stay Safe News: Here's Everything We Know About What's Coming in the iPhone 7 News: The Oculus Rift Is Finally Out—Here Are Its Biggest Downsides
Metaphor « Wonder How To
News : 'Metaphor' Exploit Threatens Millions of Android Devices—Here's How to Stay Safe The Stagefright exploit, which allowed for malicious code to be embedded in files on your device, is now very real in the form of Metaphor.
How to Use Metaphor Exploit ? « Null Byte :: WonderHowTo
News: 'Metaphor' Exploit Threatens Millions of Android Devices—Here's How to Stay Safe Hack Like a Pro: How to Exploit and Gain Remote Access to PCs Running Windows XP How To: Hack Your Kindle Touch to Get It Ready for Homebrew Apps & More
'Metaphor' Exploit Targets Android - Here's How to Stay Safe
0 comments:
Post a Comment