android stagefright exploit

Share if the site was helpful

What is Android stagefright exploit and how does it effect me? This is the question that everybody is asking so i will be trying to cover it in this post. First lets get an understanding of what StageFright is and can do to your device. StageFright is library or lib that has been around since Android 2.2 and is still being used in android 5.1.1 today. This is the reason that it is such a big exploit and called StageFright.

How does StageFright work?

The easiest way to hack into a device with StageFright is a video sent via MMS. which theoretically could be used as an avenue of attack through the libStageFright, which helps Android process video files. Many text messaging apps including Google’s Hangouts app automatically process that video so it’s ready for viewing as soon as you open the message, and so the attack theoretically could happen without you even knowing it. StageFright could also be exploited by installing a app that has the exploit in it or every by downloading a hacked video file that could run the exploit. If StageFright is implemented on your device the hacker can view and see everything that you do, bank accounts emails and more.

What can we do about it?

First you want to open your messaging app and go into settings and turn off AUTO RETRIEVE MMS. This will keep the a hack from happening automatically at least. You could still open a MMS and get it but that is still one more step that has to happen. Next don’t install apps from unknown sources, which really is always a good idea and last be careful on the Internet. Google will be working on a patch for this and pushing it out in ota updates soon. We all now how long ota updates can take so best to address this yourself.

More info

ASLR (Address Space Layout Randomization) is a method that keeps an attacker from reliably finding the function he or she wants to try and exploit by random arrangement of memory address spaces of a process. ASLR has been enabled in the default Linux Kernel since June 2005, and was added to Android with Version 4.0 (Ice Cream Sandwich). So if your device is android 4.0 and above you are much better protected.

My Thoughts

From what i have heard stagefright isnt a exploit that has been seen working in the wild just discovered by some researchers and not implemented in real world. Since it is already public I dont think that many hackers would spend the time working on it, if it is going to be patch soon anyway.

HERE you can find a StageFright detector app that is interesting but is going to tell you that you are vulnerable unless you have the latest cm12.1 installed which already has been patch for stagefright.

FramaRoot one click app

Share if the site was helpful

FramaRoot One Click App

Framaroot-2

FramaRoot is a very awesome one-click application that install Superuser and su binary on your phone.  Superuser app and su binary are include in this application and it works on many android devices ranging from android version 2.0 to 4.0 or from Eclair to Ice Cream Sandwich here you can find a list of known device that Framaroot one click app works on.

WARNING Successful Root with this application will void your warranty on the device. DOWNLOAD FRAMAROOT APP

Installation

  1. Download Framaroot on to your device
  2. Install it with a file explorer or directly from your internet browser, if android warn you about security risk, say OK  ( most android rooting apps with be flagged as a security risk since they are a exploit of some kind ) and check Unknown sources to allow install of applications.

Usage

Open Framaroot and select one of the following action: Install SuperSU, Unroot or Execute script (for advanced users)

Possible case once application is launched

  • A popup saying “Your device seems not vulnerable to exploit included in Framaroot”, in this case you can uninstall app
  • You seeing one or more exploit name, also click on one after you have selected an action and you will see one of the above messages

Possible case once exploit is selected

  • “Success … Superuser and su binary installed. You have to reboot your device”
  • “Failed … Exploit work but installation of Superuser and su binary have failed”
  • “Half-Success :-/ … system partition is read-only, use local.prop trick. Reboot your device and use adb to see if it run as root”, happen when the filesystem in use on system partition is a read only filesystem (ex: squashfs)
  • “Failed … Try another exploit if available”
  • Framaroot crash or freeze, in this case relaunch Framaroot a second time and select the same action and exploit

Here you will find the official thread on XDA Developers site

FramaRoot One Click App

Here is the list of known compatible devices but if yours isnt listed try it anyway and it may work

Device Compatibility

If you are really into this app and want to learn more about advanced settings check out this link

Advanced settings

Here is a Video of me rooting my Droid X and Droid 2

en English
X