A new proof of concept Stagefright exploit called Metaphor has been made public by cybersecurity firm NorthBit,...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
which is based in Israel. The big news is that Metaphor uses an address space layout randomization (ASLR) bypass to affect potentially hundreds of millions of Android devices. What is an ASLR bypass, and how much more serious is this new Stagefright exploit?
Android patching has been problematic since Android was first introduced because of its fragmented hardware and software ecosystem. Apple doesn't have the same challenge that Google faces in ensuring Android devices have the most current patches, because Apple controls the hardware, software and patching process of its devices. Google has to juggle multiple different open source projects in Android, including Linux and other supporting libraries and software. This makes it difficult to patch vulnerable Android devices for the Stagefright exploit. Google is making changes to how Android is patched, but there is still a significant installed base that will not get the patches or other security improvements.
The Metaphor proof of concept increases the risk of Android users experiencing a potential Stagefright exploit on their devices, but Android's fragmented ecosystem will make it difficult for widespread attacks. Metaphor uses an ASLR bypass, cheating the operating system process which randomizes the location where system executables are loaded into memory. It predicts these locations and performs buffer-overflow attacks.
Metaphor provides a framework for developing targeted exploits, but it would still require critical information about the specific device, such as gadget offsets or predictable addresses. The exploit authors provide a table of some of these values. Also, few smartphones expose the vulnerable Mediaserver functionality to the network so a traditional network worm is unlikely, but many smartphone users render SMS messages, webpages and email automatically. This update could be used in targeted attacks, so having an endpoint security tool that analyzes incoming messages and blocks malicious messages may provide additional protection.
Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Get tips on how to improve Android mobile security
Learn about Android security policies your enterprise should adopt
Read about the challenges of Android device security management
Dig Deeper on Smartphone and PDA Viruses and Threats-Setup and Tools
Related Q&A from Nick Lewis
Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust ...continue reading
Hajime malware was discovered to have links to the Mirai botnet that launched powerful DDoS attacks last year. Expert Nick Lewis explains how Hajime ...continue reading
Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.