Update Aug 28, 2015: Typos in the final table: CVE-2015-3864 does not concern covr but tx3g. CVE-2015-3828 does not occur for yrrc. Detecting the PoCs published by Zimperium is not difficult: you can fingerprint the PoCs, for example. Detecting variants of the PoCs, i.e., MP4s that use one of the discovered vulnerabilities, is far more difficult. I'll explain why in a moment. First, apart from here (in Chinese), there hasn't been so much in the way of technical details. Getting into the guts of StageFright... [Read More]
by RSS Axelle Apvrille  |  Aug 25, 2015  |  Filed in: Security Research
You've heard about StageFright, right? Where a malicious MMS compromises an Android handset by exploiting vulnerabilities on the phone's mediaserver. Are you aware that StageFright is not an MMS issue, but an issue with anything that will try to open a malicious MP4? If not, you are now, and I hope I am about to convince you even more thouroughly below... Telegram Yes, for instance, StageFright occurs with Telegram. The only (fortunate) difference is that Telegram does not preview the MP4, so it will only crash if you open the video... [Read More]
by RSS Axelle Apvrille  |  Aug 14, 2015  |  Filed in: Security Research
Until relatively recently, mobile malware wasn't that different from early PC malware - It was annoying, it probably invaded your privacy, and it took a toll on system resources but it wasn't especially dangerous or costly in the way that modern weaponized malware used to attack PCs, servers, and point-of-sale systems was. And just as early malware primarily targeted a single OS (Windows), mobile malware remains almost exclusively a problem for Android. However, it appears that Stagefright has served as something of a wakeup call for the... [Read More]
by RSS Chris Dawson  |  Aug 12, 2015  |  Filed in: Industry Trends & News