Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How does the new Stagefright exploit Metaphor conduct an ASLR bypass?

A new Stagefright exploit called Metaphor has been released. Expert Nick Lewis explains its ability to do an ASLR bypass, and what it means for Android device security.

A new proof of concept Stagefright exploit called Metaphor has been made public by cybersecurity firm NorthBit,...

which is based in Israel. The big news is that Metaphor uses an address space layout randomization (ASLR) bypass to affect potentially hundreds of millions of Android devices. What is an ASLR bypass, and how much more serious is this new Stagefright exploit?

Android patching has been problematic since Android was first introduced because of its fragmented hardware and software ecosystem. Apple doesn't have the same challenge that Google faces in ensuring Android devices have the most current patches, because Apple controls the hardware, software and patching process of its devices. Google has to juggle multiple different open source projects in Android, including Linux and other supporting libraries and software. This makes it difficult to patch vulnerable Android devices for the Stagefright exploit. Google is making changes to how Android is patched, but there is still a significant installed base that will not get the patches or other security improvements.

The Metaphor proof of concept increases the risk of Android users experiencing a potential Stagefright exploit on their devices, but Android's fragmented ecosystem will make it difficult for widespread attacks. Metaphor uses an ASLR bypass, cheating the operating system process which randomizes the location where system executables are loaded into memory. It predicts these locations and performs buffer-overflow attacks.

Metaphor provides a framework for developing targeted exploits, but it would still require critical information about the specific device, such as gadget offsets or predictable addresses. The exploit authors provide a table of some of these values. Also, few smartphones expose the vulnerable Mediaserver functionality to the network so a traditional network worm is unlikely, but many smartphone users render SMS messages, webpages and email automatically. This update could be used in targeted attacks, so having an endpoint security tool that analyzes incoming messages and blocks malicious messages may provide additional protection.

Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)

Next Steps

Get tips on how to improve Android mobile security

Learn about Android security policies your enterprise should adopt

Read about the challenges of Android device security management

This was last published in August 2016

Dig Deeper on Mobile security threats and prevention

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Did your enterprise implement any restrictions on Android device use following the Stagefright vulnerability?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close