Zimperium Releases Android Stagefright Exploit Code

Android security
Sep 10, 2015
3 minute read

When the Stagefright vulnerability in Android was first announced on July 27, no proof-of-concept code was publicly released.

Several weeks later, on Aug. 5, Zimperium zLabs Vice President of Platform Research and Exploitation Joshua Drake discussed the Stagefright flaw at the Black Hat USA conference, but still no exploit code was publicly released. That has changed, and the first proof-of-concept exploit code for Stagefright is now publicly accessible.

Stagefright is a vulnerability in the Android Stagefright media library, which is used to process content, including Multimedia Messaging Service (MMS) content. The Stagefright media library is found in Android versions 2.2 and higher, and when Drake first discovered the flaw, hundreds of millions of users were at risk.

Google has since issued patches for the flaws Drake discovered, though new Stagefright flaws, including CVE-3864, which Exodus Intelligence disclosed after the patch, are still a concern.

Zimperium first shared the exploit it released today with approximately 30 device vendors and carriers, Drake said. “Vendors that took measures to protect themselves are not at risk; most devices, however, still are,” he told eWEEK.

It’s not entirely clear how many users today are still at risk from Stagefright. Zimperium has released a Stagefright detector mobile app, which alerts users if they are at risk. Drake noted that data collected from Zimperium’s Stagefright Detector app is in the process of being analyzed. Zimperium is planning a blog post for a later date on what the company has been able to see from the data.

The actual proof-of-concept exploit code that Drake publicly released today is written in the Python programming language, though it isn’t quite a point-and-click weaponized exploit.

“Using this exploit still requires some technical expertise, but obviously it is not as hard as building it in the first place,” Drake said. “In addition, we added a ‘newbie trap’ for the less technically inclined folks out there.”

Drake did not elaborate on what that “newbie trap” might be. Additionally, the proof-of-concept code was designed to run against a Samsung Galaxy Nexus device running Android 4.0.4.

“We chose this device specifically because of the partial implementation of ASLR [address space layout randomization],” Drake said. “Our line of thinking was that removing variables from the equation would remove some complexity and help us develop the exploit more quickly.”

Released in 2011, Android 4.0.4 is an old version of the operating system. Since Black Hat, Zimperium has been working on an exploit that targets the Nexus 6 running Android 5.1, but the company is not ready to share the details of the Android 5.1 proof-of-concept exploit at this time, Drake said.

ASLR is a technology that Google has claimed will help to mitigate the Stagefright flaw, which Drake admits is partly true. “However, since media server automatically restarts, it is possible to use brute-force tactics to bypass ASLR,” Drake said. “We have confirmed this is possible both via MMS and through the browser.”

ASLR has been bypassed in many exploits in the past, according to Drake. ASLR bypass usually involves a memory disclosure vulnerability or automatic respawning of a process.
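A defender-side illustration of the respawn point above, added here and not code from the article or from Zimperium: because each failed guess crashes the media process, which then restarts, a brute-force attempt leaves a burst of mediaserver crash records in the device log. The script below flags such bursts in constructed logcat-style lines; the line format, timestamps and PIDs are assumptions, not real captures.

```python
import re
from datetime import datetime, timedelta

# Constructed logcat-style lines for illustration only. The "Fatal signal" shape is
# modelled on Android's crash reporting, but the timestamps and PIDs are invented.
SAMPLE_LOG = """\
09-10 14:02:01.100  1350  1350 F libc    : Fatal signal 11 (SIGSEGV) at 0x0000000c (code=1), thread 1350 (mediaserver)
09-10 14:02:03.420   120   120 I ServiceManager: service 'media.player' died
09-10 14:02:11.900  1362  1362 F libc    : Fatal signal 11 (SIGSEGV) at 0x4a3b2c10 (code=1), thread 1362 (mediaserver)
09-10 14:02:20.015  1371  1371 F libc    : Fatal signal 11 (SIGSEGV) at 0x5e001000 (code=1), thread 1371 (mediaserver)
09-10 14:02:31.300  1380  1380 F libc    : Fatal signal 11 (SIGSEGV) at 0x4a3b2c10 (code=1), thread 1380 (mediaserver)
09-10 15:40:00.000  2201  2201 F libc    : Fatal signal 6 (SIGABRT) at 0x00000899 (code=-6), thread 2201 (com.example.app)
"""

# Timestamp, signal number and the crashing process name (last parenthesised token).
CRASH_RE = re.compile(
    r"^(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}).*Fatal signal (?P<sig>\d+).*\((?P<proc>[^()]+)\)\s*$"
)


def mediaserver_crashes(log_text, process="mediaserver", year=2015):
    """Return datetimes of fatal-signal crashes attributed to `process`.
    logcat omits the year, so one is supplied to build full datetimes."""
    crashes = []
    for line in log_text.splitlines():
        m = CRASH_RE.match(line)
        if m and m.group("proc") == process:
            crashes.append(datetime.strptime(f"{year}-{m.group('ts')}", "%Y-%m-%d %H:%M:%S.%f"))
    return crashes


def max_crashes_in_window(timestamps, window_s=60):
    """Largest number of crashes falling inside any `window_s`-second window."""
    ts = sorted(timestamps)
    best = start = 0
    for end, t in enumerate(ts):
        while t - ts[start] > timedelta(seconds=window_s):
            start += 1  # slide the window forward past stale crashes
        best = max(best, end - start + 1)
    return best


def looks_like_respawn_bruteforce(log_text, window_s=60, threshold=3):
    """A single crash is noise; repeated mediaserver crashes in a short
    window are the footprint of guessing against a respawning process."""
    return max_crashes_in_window(mediaserver_crashes(log_text), window_s) >= threshold


if __name__ == "__main__":
    print("burst detected:", looks_like_respawn_bruteforce(SAMPLE_LOG))
```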

While Zimperium and Drake, in particular, have gained a significant amount of notoriety thanks to Stagefright, there is still more mobile research to be done and more discoveries to be announced.

“As a mobile threat protection company, we are constantly looking for holes in mobile operating systems to ensure our customers’ safety from advanced mobile attacks,” Drake said. “Unfortunately, at this point, we cannot share additional details but expect new things soon.”

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
