Hacking Without Knowing Phone Number
New Ways to Trigger Stagefright Vulnerability
- Trigger Exploit from Android Application
- Crafted HTML exploit to Target visitors of a Webpage on the Internet
- Hack millions of Android devices, without knowing their phone numbers and spending a penny.
- Steal Massive Amount of data.
- Built a botnet network of Hacked Android Devices, etc.
“The specially crafted MP4 file will cause mediaserver‘s heap to be destroyed or exploited,” researchers explained how an application could be used to trigger Stagefright attack.
Video Demonstration: ‘App’ Attack Vector
And to trigger if from a web page for all its visitors, “We embedded the same malformed MP4 file (named mp4.mp4) into an HTML file as below, which is then uploaded to a web server.” researchers say.
Video Demonstration: ‘HTML WEBPAGE’ Attack Vector
“An attacker would be able to run their code with the same permissions that mediaserver already has as part of its normal routines.”