I've been reading some about the Stagefright exploit and I wish to know if it is possible to gain root access on an Android 4.4 or 4.0.4 device with this exploit.

The wiki page states it "allows an attacker to perform arbitrary operations on the victim device through remote code execution and privilege escalation". What does the "privilege escalation" mean in this case?

1 Answer

As quoted below from here:

As such, a hacker could gain control of the device before the victim even knows about the text message, and even if phone owners find the message right away, there is nothing they can do to prevent the malware from taking over their device. The hacker would have access to all data and the ability to copy or delete, and would even have access to the microphone and camera, all pictures on the device, as well as Bluetooth.

It was shown to be possible.

  • A demonstration from the Wikipedia page you mentioned was provided. There are safety measures in place to make it hard.

  • The ASLR is something since ICS that makes it hard to accomplish.

  • The user can also turn off automatic processing of MMS in the default handling application. This will mitigate background attacks and give them a chance to delete the message.

The potential will also depend on what activity was desired to be accomplished and what strategy would be employed. Thank you. Good day.

Yemi Bedu
  • ASLR in practice on ICS tends to be pretty limited. It does relocate the stack, but many binaries built for ICS don't have fully position-independent code yet. Binaries built with newer toolchains often do though, and so they can take better advantage of ASLR. – rsaxvc Sep 30 '15 at 13:26
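
The point raised in the comment above, that ASLR only helps a binary's main image when it is built as position-independent code, can be checked per binary from its ELF header: `e_type` is `ET_DYN` for a relocatable image and `ET_EXEC` for one linked at a fixed address. This is an added example, not part of the original answer or comment; the function names and the sample headers are constructed for illustration.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3  # e_type values defined by the ELF specification


def elf_aslr_status(header: bytes) -> str:
    """Classify an ELF image by whether the loader can relocate it."""
    if len(header) < 18 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF header")
    ei_data = header[5]  # EI_DATA: 1 = little-endian, 2 = big-endian
    if ei_data not in (1, 2):
        raise ValueError("unknown ELF data encoding")
    endian = "<" if ei_data == 1 else ">"
    # e_type is a 16-bit field directly after the 16-byte e_ident array,
    # at the same offset in 32-bit and 64-bit ELF files.
    (e_type,) = struct.unpack_from(endian + "H", header, 16)
    if e_type == ET_DYN:
        # PIE executables and shared libraries: base address can be randomized.
        return "position-independent"
    if e_type == ET_EXEC:
        # Linked at a fixed address: code and data sit at predictable locations.
        return "fixed-address"
    return "other"


def make_header(e_type: int, ei_data: int = 1) -> bytes:
    """Constructed sample: the first 20 bytes of a 32-bit ARM ELF header."""
    e_ident = b"\x7fELF" + bytes([1, ei_data, 1]) + bytes(9)  # 16 bytes
    endian = "<" if ei_data == 1 else ">"
    return e_ident + struct.pack(endian + "HH", e_type, 40)  # 40 = EM_ARM


if __name__ == "__main__":
    # Usage: pass paths of binaries copied off a device or system image.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            try:
                print(path, elf_aslr_status(fh.read(20)))
            except ValueError as exc:
                print(path, "skipped:", exc)
```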