Android Exploitation makes Android Lifeless

By -

Android Exploitation Vulnerability : Leaves Android Screen Dead !!

An Android vulnerability has been discovered that leaves the Phone Dead .Well this is a Treat for Android Exploitation Enthusiasts .The Vulnerability that has been discovered in  Android can render a phone apparently dead – silent, unable to make calls, with a lifeless screen. And this vulnerability is present from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop). In this artical hacking loops brings you this vulnerability explaining the flaw and the origin , though we also plan to share the Proof of concept in latter posts.
Android has been very ubiquitous since the beginning and popular for its vulnerabilities .   This vulnerability is present in the versions Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop) which account for likely than half of Android devices in use today.
No patch has been issued in the Android Open Source Project (AOSP) code by the Android Engineering Team to fix this vulnerability though the vulnerability has been reported by Trend Micro in late May.
This vulnerability that leaves the Android Phone Screen to be lifeless can be exploited in two ways:
  • either via a malicious app installed on the device
  • through a specially-crafted web site.
If the Attacker uses the first technique , using the malicious Application on the Device then it can cause long-term effects to the device: an app with an embedded MKV file that registers itself to auto-start whenever the device boots would case the OS to crash every time it is turned on.
In some ways, this vulnerability is similar to the recently discovered Stagefright vulnerability.
Both vulnerabilities are triggered when Android handles media files, although the way these files reach the user differs.

Android Vulnerability Description

The vulnerability lies in the mediaserver service, which is used by Android to index media files that are located on the Android device. The Media Server service cannot  process correctly if a malformed video file using the Matroska(.mkv format video file) container (usually with the .mkv extension). When the Media Sever Service / Process opens a malformed MKV file, the service may crash !! And with it, so will the rest of the Android operating system.
This vulnerability is caused by an integer overflow when the mediaserver service parses an MKV file. It reads memory out of buffer or writes data to NULL address when parsing audio data. The source code below – found in the frameworks/av/media/libstagefright/matroska/MatroskaExtractor.cpp file – shows the vulnerability in detail:
    865 size_t offset = 1;
    866 size_t len1 = 0;
    867 while (offset < codecPrivateSize && codecPrivate[offset] == 0xff) {//codecPrivate is controlled by the mkv file
    868 len1 += 0xff;
    869 ++offset;
    870 }
    871 if (offset >= codecPrivateSize) {
    872 return ERROR_MALFORMED;
    873 }
    874 len1 += codecPrivate[offset++];
    875
    876 size_t len2 = 0;
    877 while (offset < codecPrivateSize && codecPrivate[offset] == 0xff) {
    878 len2 += 0xff;
    879 ++offset;
    880 }
    881 if (offset >= codecPrivateSize) {
    882 return ERROR_MALFORMED;
    883 }
    884 len2 += codecPrivate[offset++];
    885
    886 if (codecPrivateSize < offset + len1 + len2) {//len1 or len2 maybe 0xffffffff, then integer overflow happened
    887 return ERROR_MALFORMED;
    888 }
    889
    890 if (codecPrivate[offset] != 0x01) {
    891 return ERROR_MALFORMED;
    892 }
    893 meta->setData(kKeyVorbisInfo, 0, &codecPrivate[offset], len1);//crash in here

What Happens To my Android when Exploited

The mediaserver service continuously restarting after the exploit is triggered .This Android Vulnerability when exploited by an attacker will cause the device to become totally silent and non-responsive. This will leave the Android Phone Lifeless or Dead .
The following happens when the Vulnerability is EXPLOITED :
  • No ring tone, text tone, or notification sounds can be heard. The user will have have no idea of an incoming call/message, and cannot even accept a call. Neither party will hear each other.
  • The UI may become very slow to respond, or completely non-responsive. If the phone is locked, it cannot be unlocked.


Keep Reading our posts for further Updates on Android Vulnerabilities and Exploitation Techniques .

Comments

Post a Comment

Popular posts from this blog

HACK EMAIL-ID,USERNAME AND PASSWORD OR ANY USER DETAILS BY USING KALI LINUX.

By -
Image
HACK EMAIL-ID,USERNAME AND PASSWORD OR ANY USER DETAILS BY USING  KALI LINUX . Today,i am going to show you how you can get email-id,username and password or any user details you want by using  KALI LINUX . STEPS FOR SETTING UP YOUR SYSTEM. Download Kali Linux from   here . Extract the contents of Kali Linux iso file which you  downloaded in step and copy it to pendrive or instead of pendrive burn the iso file in cd if you want to make a cd of it. After copying all contents to pendrive or burning the iso file in cd,reboot you system,press F8 on boot-time and select boot from pendrive if you have copied all the files in pendrive,else boot from cd-rom if you burn the iso file in cd. After selecting the boot from device,the kali installation window will open,install accordingly as per your requirement. NOTE:During installation,in mount point of selected installation drive,set mount point to  "/" . Remember the username and password while installation as this will
Read more

Port Fail Vulnerability : Critical VPN Vulnerability

By -
Image
Port Fail Vulnerability : Critical VPN Vulnerability How Port Fail Vulnerability Exposes your REAL IP on SKYPE Using Port Fail Vulnerability it’s possible to disclose the real IP of a Skype accounts you’re interested in. There are a bunch of Skype IP resolvers which can give you the VPN IP address and port number of a Skype user using only their Skype login. Then you need to use the same thing a copyright monitoring company would use — send some UDP packets to the whole internet on the exact port. It’s remarkable but Skype will send you a reply for almost any data! The nping utility from  nmap  package suits our needs very well: # nping --udp -p 13318 --data-string 'hellothere!' -c 1 serv.valdikss.org.ru Starting Nping 0.7.00 ( https://nmap.org/nping ) at 2015-12-20 19:54 MSK SENT (0.0157s) UDP 195.154.127.59:53 > 92.42.31.8:13318 ttl=64 id=10802 iplen=39  RCVD (0.0859s) UDP 185.61.149.121:4272 > 195.154.127.59:53 ttl=54 id=1534 iplen=32    Max rtt: N/A | M
Read more