The Stagefright library bugs will certainly be remembered as the most dangerous ever identified. To date, the threat would seem to have been eradicated with the release of patches by all smartphone manufacturers. Google, for its part, has created a new system of monthly releases to ensure greater safety across the whole Android ecosystem, but a new alarm has reportedly been raised by the team of Israeli researchers at NorthBit, through a new exploit of the library that is potentially dangerous to millions of devices.
The new exploit is called “Metaphor”. In a video shot by the same researchers, it runs successfully on a Nexus 5; it was later also tested on the LG G3, HTC and Samsung Galaxy S5, all labelled as being at risk.
Compared with the first “Stagefright” bug, discovered in the C++ library integrated into the Android system, Metaphor bypasses ASLR (Address Space Layout Randomization), a protection measure against buffer overruns and exploits that consists in making the addresses of library functions and of the most important areas of memory (partly) random.
If, during execution, code is led to a data structure at the wrong address, it gets bad data, which in turn results in an exception, usable by any malware to gain access to system memory.
ASLR is present on Android 5.0 and 5.1, but not on older releases such as 2.2 and 4.0, so not all distributions would be affected. In any case, for the newer ones, the risk is still high. With ASLR bypassed, the video shows a link posted in a message being opened, after which the exploit sends device data to the attackers' computer; they then have control of the device and can take sensitive data and other system information.
The experiment conducted by NorthBit would thus be a cause for alarm for the whole Android ecosystem, which is again vulnerable to this kind of attack; we will see how Google and the manufacturers respond.