Bad two weeks for Android–Stagefright exploit and mRST backend plugin vulnerability

By on August 9, 2015 7:15:31 AM from JoeUser Forums JoeUser Forums


Join Date 04/2002


The first – the Stagefright exploit (several vulnerabilities) is apparently worse than the Heartbleed vulnerability. These could give the opening to run remote code from an MMS message, or even just viewing a specially constructed video on an infected webpage with embedded video content. The vulnerability is well explained here, and here.

There’s a fix for that out…you can check and fix with the app described here.

Now, two Israeli researchers (Bobrov and Bashan) have discovered another problem which comes from how remote help apps work together with tools OEMs install on your Android phone to help repair it.

“Coming back to how the exploit actually works, we need to understand how mSRTs work. Given that their functionality consists of particularly invasive and powerful abilities, these apps need special permissions and need to be signed by the OEM itself. As such, the tool is divided into two parts: the actual app that you see and interact with and a backend plugin that provides all these permissions. When the app requires special privileges, it connects to the plugin and is given the necessary permissions. Even phones that do not have the app installed might contain the plugin.

In order to verify that the app sending the requests to the plugin and asking for these special permissions is the official mSRT app, vendors create their own authentication tools on top of Android's Binder, which has no certification process of its own. And, that's where the problem comes in. By using this duality, the researchers were able to exploit the plugin's god-like powers and gain total access to the device, in some cases with just a text message.” – Neowin

so that the mSRT becomes an mRat. You can read more about it here, or here.

There should be a fix for this, but as of now, I don’t know if one exists. There is a tool to detect “Certifigate” and you can find it here.

Have a good weekend, folks.

Locked Post 4 Replies +1 Karma
Search this post
Subscription Options

Reason for Karma (Optional)
Successfully updated karma reason!
August 9, 2015 7:44:53 AM from WinCustomize Forums WinCustomize Forums

Don't have one of those so no worries about my phone dying of stage fright. 

Good lookin' out Doc. 

Reason for Karma (Optional)
Successfully updated karma reason!
August 9, 2015 12:17:50 PM from WinCustomize Forums WinCustomize Forums

Only the Android phones?  Not laptops or tablets?

Reason for Karma (Optional)
Successfully updated karma reason!
August 9, 2015 6:22:43 PM from Sins of a Solar Empire Forums Sins of a Solar Empire Forums

teddybearcholla, it is anything android that is at risk from the points in the OP

harpo, the ghost NON_subscriber

Reason for Karma (Optional)
Successfully updated karma reason!
Sign Up or Login and this ad disappears!
There are many great features available to you once you register. Sign Up for a free account and browse the forums without ads.
August 9, 2015 6:28:20 PM from WinCustomize Forums WinCustomize Forums

Thank you harpo!

Reason for Karma (Optional)
Successfully updated karma reason!
Stardock Forums v1.0.0.0    #101114  walnut1   Server Load Time: 00:00:00.0000157   Page Render Time:

Home | About | Privacy | Upload Guidelines | Terms of Service | Help
WinCustomize © 2016 Stardock Corporation. All Rights Reserved.