Android Exploitation makes Android Lifeless

Android Exploitation Vulnerability : Leaves Android Screen Dead !!

An Android vulnerability has been discovered that leaves the Phone Dead .Well this is a Treat for Android Exploitation Enthusiasts .The Vulnerability that has been discovered in  Android can render a phone apparently dead – silent, unable to make calls, with a lifeless screen. And this vulnerability is present from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop). In this artical hacking loops brings you this vulnerability explaining the flaw and the origin , though we also plan to share the Proof of concept in latter posts.
Android has been very ubiquitous since the beginning and popular for its vulnerabilities .   This vulnerability is present in the versions Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop) which account for likely than half of Android devices in use today.
No patch has been issued in the Android Open Source Project (AOSP) code by the Android Engineering Team to fix this vulnerability though the vulnerability has been reported by Trend Micro in late May.
This vulnerability that leaves the Android Phone Screen to be lifeless can be exploited in two ways:
  • either via a malicious app installed on the device
  • through a specially-crafted web site.
If the Attacker uses the first technique , using the malicious Application on the Device then it can cause long-term effects to the device: an app with an embedded MKV file that registers itself to auto-start whenever the device boots would case the OS to crash every time it is turned on.
In some ways, this vulnerability is similar to the recently discovered Stagefright vulnerability.
Both vulnerabilities are triggered when Android handles media files, although the way these files reach the user differs.

Android Vulnerability Description

The vulnerability lies in the mediaserver service, which is used by Android to index media files that are located on the Android device. The Media Server service cannot  process correctly if a malformed video file using the Matroska(.mkv format video file) container (usually with the .mkv extension). When the Media Sever Service / Process opens a malformed MKV file, the service may crash !! And with it, so will the rest of the Android operating system.
This vulnerability is caused by an integer overflow when the mediaserver service parses an MKV file. It reads memory out of buffer or writes data to NULL address when parsing audio data. The source code below – found in the frameworks/av/media/libstagefright/matroska/MatroskaExtractor.cpp file – shows the vulnerability in detail:
    865 size_t offset = 1;
    866 size_t len1 = 0;
    867 while (offset < codecPrivateSize && codecPrivate[offset] == 0xff) {//codecPrivate is controlled by the mkv file
    868 len1 += 0xff;
    869 ++offset;
    870 }
    871 if (offset >= codecPrivateSize) {
    872 return ERROR_MALFORMED;
    873 }
    874 len1 += codecPrivate[offset++];
    875
    876 size_t len2 = 0;
    877 while (offset < codecPrivateSize && codecPrivate[offset] == 0xff) {
    878 len2 += 0xff;
    879 ++offset;
    880 }
    881 if (offset >= codecPrivateSize) {
    882 return ERROR_MALFORMED;
    883 }
    884 len2 += codecPrivate[offset++];
    885
    886 if (codecPrivateSize < offset + len1 + len2) {//len1 or len2 maybe 0xffffffff, then integer overflow happened
    887 return ERROR_MALFORMED;
    888 }
    889
    890 if (codecPrivate[offset] != 0x01) {
    891 return ERROR_MALFORMED;
    892 }
    893 meta->setData(kKeyVorbisInfo, 0, &codecPrivate[offset], len1);//crash in here

What Happens To my Android when Exploited

The mediaserver service continuously restarting after the exploit is triggered .This Android Vulnerability when exploited by an attacker will cause the device to become totally silent and non-responsive. This will leave the Android Phone Lifeless or Dead .
The following happens when the Vulnerability is EXPLOITED :
  • No ring tone, text tone, or notification sounds can be heard. The user will have have no idea of an incoming call/message, and cannot even accept a call. Neither party will hear each other.
  • The UI may become very slow to respond, or completely non-responsive. If the phone is locked, it cannot be unlocked.


Keep Reading our posts for further Updates on Android Vulnerabilities and Exploitation Techniques .

Comments

Popular posts from this blog

How To Hack ADSL Router Using NMAP Tool