The new version of the vulnerability Stagefright, as it turned out, was present in all smart phones with the first version of OS Android 1.0 up to Android 5.1.1. Stagefright 2.0 – these are two errors in the library libstagefright. Using both of these errors together, the attacker has the ability to gain control over the device.
The scheme of action is simple. On a mobile device loaded modified MP3 or MP4-file that contains malicious code. The user may not even notice as he turned on the device. For example, in the case of breaking a particular site may not be a malicious file on a huge number of mobile devices.
To run the malicious code without having to open the file manually. Reaction infection begins when analyzing metadata. When the analysis affects the downloaded modified file, an error occurs.
As a result of this error, arbitrary and, very likely, the malicious code is written to the device memory and allows to gain unauthorized access, for example to the camera, microphone, according to the correspondence, and even built-in memory with the ability to retrieve and download a variety of data.
The first vulnerability Stagefright was discovered in April this year. Then it became known that an attacker could gain access to the device via MMS-video, which also starts a chain reaction of infection. However, for sending malicious messages needed to know the telephone number of a particular device. The new version of the vulnerability does not require it.
«Potentially Stagefright 2.0 is able to cause a lot of harm, because it touches a very significant number of devices and mobile software – said” Gazeta.ru “head of the analytical center of Zecurion Vladimir Ulyanov. – But I would not exaggerate the danger of vulnerability. The result of the attack will probably be significantly below expectations. I do not think that the world will get more than a few tens of thousands of infected devices ».
The expert believes that the previously recorded more serious threat to the security of mobile devices. For example, a buffer overflow vulnerability in the OpenSSL cryptographic software allow to obtain encryption keys and touched many critical infrastructure such as banking systems. It carried a much greater danger than the case with Stagefright 2.0.
In this case, Ulyanov said that one hundred percent of the method of determining that you were subjected to cyber attack, does not exist. The fourth version of Android installed approximately 70% of mobile devices based on this platform, so you need time to install the update.
«Google usually has a rapid response to the complaints of third-party developers and users, – the expert says. – But if the company somehow does not want to fix the problem, the solution of the problem may be delayed. For example, Google has long been asked not to load at the same time all the tabs in the browser Chrome, but nothing changes ».
To check, subject to any Android-powered device vulnerabilities Stagefright, there are special utility. Thus, in the Play Store can find the application Zimperium Stagefright detector and Eset Stagefright detector, to analyze the probability of infection with a specific device, but they do not offer the opportunity to get rid of this vulnerability.
If the antivirus on your phone updated, it will record attempts to inject malicious software, but if the vulnerability is exploited before, it did not show.
«Anti-Virus can track malware, but does not show itself” door ” through which the intruder entered, – says Ulyanov. – The Trojan also can be written individually for burglary, then the antivirus did not detect, and I would much it hoped would not ».
The best way to protect, according to experts, is not to store critical information on the devices. Mobile banking – is, of course, very convenient, but not safe, and it is better to use a separate secure device for simple operations with money.
It is also necessary to follow the regular software updates. To get to the “first wave” of exploitation, it is necessary to have a special failure. Mass problems begin, if about the threat has long been known, but a producer of the software has not been taken, or users have updated their version of the OS.
«Anti-virus software – is also a half-hearted solution, – Ulyanov said. – The fact that anti-virus software is mainly reactive, that is to work with existing malware. A proactive method to work with potential threats – probabilistic, and if they tighten up, there will be a lot of false positives ».
In general, the expert believes that every company there are vulnerabilities in the software and it is unlikely to have a major impact on the reputation of Android, and its market share. If the system as a whole satisfied users, from her unlikely to give manufacturers and vendors. “This is not the first case of a threat, and they are fundamentally the platform Google is not affected,” – summed up Ulyanov.