• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Android   »   The Show Goes On—More “Stagefright” Horrors with Auto-Play Videos

The Show Goes On—More “Stagefright” Horrors with Auto-Play Videos

  • Posted on:July 31, 2015
  • Posted in:Android, Security, Vulnerabilities
  • Posted by:Christopher Budd (Global Threat Communications)
0

Trend Micro researchers are now disclosing additional details about one of the vulnerabilities (CVE-2015-3824) in the so-called “Stagefright” cluster affecting Android users.

The “Stagefright” vulnerability is actually a marketing label for a cluster of seven individual vulnerabilities. One of the vulnerabilities in this cluster, CVE-2015-3824, was independently discovered by Trend Micro’s research team at the same time as other security researchers.  This is actually a common occurrence in vulnerability research. For instance, we and other researchers found, and were credited for, the vulnerability that Microsoft recently fixed out-of-band with MS15-078.

Like others in the industry, our researcher team found the multimedia message system (MMS) attack vector for this vulnerability. However, they also found two additional vectors that can be used to successfully exploit it. After discussions with Google, we can now disclose what we’ve found.

The first additional attack vector is delivered via malicious video files on a website. This is nearly as dangerous as the MMS attack, since many videos now auto-play, especially on mobile devices. This vulnerability also enables attackers to bypass the disabling of auto-play videos in Chrome. This means an attacker would only need to convince a user to visit a posted video, enabling complete control the device after it’s played.

The second attack is made possible through malicious apps or MP4 files designed to exploit the vulnerability. Once a user downloads and runs it, the attacker would have full control over the device.

The recommendation to disable MMS will NOT protect against these two new attack vectors. However, it is still effective against one of the three attack vectors, and is a good idea generally if that feature is unused.

While there are no known mitigations for web-based video attack vectors, web reputation services like Trend Micro’s Web Reputation Services can help protect against known malicious sites. To help protect against malicious apps or MP4 files, be cautious about downloads. As malicious apps are discovered, mobile security solutions like Trend Micro Mobile Security can provide protection.

The best solution, of course, is to apply updates that fix the vulnerability. Unless you have a Nexus phone, you will get security fixes from your carrier, or the maker of your device.

Unfortunately, many of the 89 percent of Android users at-risk will never be able to fix this vulnerability due to the age of their devices or their carriers and/or handset makers not making fixes available. These users are running “unpatchable Android” and can only fully protect themselves by getting a new device.

You can get more technical details on this at the Security Intelligence blog posting here.

Our research teams are monitoring this situation carefully and we will update you with any new information.

Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.

Related posts:

  1. “Pete’s Pet Shop” Animated Videos Show the Benefits of IT Security for Small Businesses in a Colorful, Engaging Way
  2. Google Play and Microsoft Stores Delete Suspected Compromised Apps
  3. AV-Comparatives: Trend Micro Mobile Security for Android Provides 100% Malware Protection for Mobile Users
  4. FakeAV in Google Play and how Trend Micro Mobile App Reputation Services Dynamic Analysis Helps Protect You

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Digital Transformation is Growing but May Be Insecure for Many
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.