Metaphor Stagefright Exploit Released


Hanan Be’er, a security researcher at Israeli firm NorthBit, has developed a fully functional exploit that leverages the Stagefright vulnerability to compromise Android devices.

The exploit was crafted on top of other partial exploit code released by both Zimperium, the company that discovered the Stagefright vulnerability, and by Google.

NorthBit’s attack scenario is simple enough that the victim may fail to notice that he is being hacked. An attacker needs to trick a user into accessing a website where a malicious image or video is hosted, and this image or video is in fact a script (this can easily be done with rewrite engines and a parsing/streaming script).

Because the Stagefright flaw corrupts Android devices when reading metadata from multimedia files, a user only needs to access the attacker’s website to expose himself to the attack.

How Metaphor Works

The good news is that the attack has to go through 3 phases, which means you won’t get compromised in an instant. The bad news is that people are used to slow mobile connections: they will wait for a video to load, and will even wait patiently for an image to finish loading, assuming the slowness is just a mobile connection glitch.

The stages are the following:

  • The malicious media (image/video) that contains the exploit code forces the user’s Mediaserver service component to restart, enabling the attacker to gather information about the device.
  • Using the collected device data, the attacker can serve the victim a custom video file containing a powerful exploit payload that runs as the root user, allowing the attacker to retrieve more data.
  • The exploit, now running with root privileges, can install spyware and other malware.
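The first stage restarts Mediaserver, so a defender reviewing a device log can look for several mediaserver crashes close together. The following is an added example, not code from NorthBit or from this post: it assumes the restarts appear as native crash records in a logcat capture, and the log line shape, the sample lines, the 30-second gap and the threshold of 3 are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed logcat excerpt (threadtime format); not captured from a real device.
SAMPLE_LOG = """\
03-18 10:15:02.120   181   181 I DEBUG   : pid: 184, tid: 2210, name: Binder_2  >>> /system/bin/mediaserver <<<
03-18 10:15:02.950   960  1011 I ActivityManager: Displayed com.android.chrome/.Main: +310ms
03-18 10:15:09.480   181   181 I DEBUG   : pid: 2304, tid: 2331, name: Binder_1  >>> /system/bin/mediaserver <<<
03-18 10:15:17.033   181   181 I DEBUG   : pid: 2390, tid: 2402, name: Binder_1  >>> /system/bin/mediaserver <<<
03-18 11:40:44.700   181   181 I DEBUG   : pid: 3001, tid: 3001, name: app_process  >>> com.example.app <<<
03-18 12:05:31.415   181   181 I DEBUG   : pid: 2466, tid: 2470, name: Binder_2  >>> /system/bin/mediaserver <<<
"""

# Assumed crash-header shape: "pid: N, tid: N, name: X  >>> process <<<".
CRASH_RE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s.*\bpid: (\d+), tid: \d+, "
    r"name: \S+\s+>>> (\S+) <<<"
)

def mediaserver_crashes(log_text, year=2016):
    """Return sorted (timestamp, pid) pairs for crash records naming mediaserver."""
    hits = []
    for line in log_text.splitlines():
        m = CRASH_RE.match(line)
        if m and m.group(3).endswith("/mediaserver"):
            # logcat timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year}-{m.group(1)}", "%Y-%m-%d %H:%M:%S.%f")
            hits.append((ts, int(m.group(2))))
    return sorted(hits)

def crash_bursts(crashes, max_gap=timedelta(seconds=30), threshold=3):
    """Group crashes separated by at most max_gap; keep groups of >= threshold."""
    bursts, current = [], []
    for ts, pid in crashes:
        if current and ts - current[-1][0] > max_gap:
            if len(current) >= threshold:
                bursts.append(current)
            current = []
        current.append((ts, pid))
    if len(current) >= threshold:
        bursts.append(current)
    return bursts

if __name__ == "__main__":
    for burst in crash_bursts(mediaserver_crashes(SAMPLE_LOG)):
        span = (burst[-1][0] - burst[0][0]).total_seconds()
        pids = [pid for _, pid in burst]
        print(f"ALERT: {len(burst)} mediaserver crashes in {span:.1f}s, pids {pids}")
```

A new pid on each record means the service was restarted between crashes; an isolated crash, like the last sample line, is not flagged.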

This new exploit, called Metaphor, works on Android 2.2 through 4.0 and also on Android 5.0 through 5.1, even though these newer versions have ASLR protection. Ironically, to bypass ASLR protection, NorthBit used the Stagefright exploit released by Google.

During their tests, researchers exploited Metaphor against a Nexus 5, HTC One, LG G3 and Samsung Galaxy S5. Below is a video of the attack in action.

Metaphor Exploit Demo Video

NorthBit created a demo video showing how a remote attack can happen using the Metaphor exploit while the victim browses a website carefully crafted for the attack. The irony is that a previous Stagefright vulnerability was used to bypass the ASLR Stagefright fix.

Metaphor Exploit Technical Paper

I am well aware that sharing the technical paper will increase the number of people who attempt the hack and exploit, but it is also the remaining way to force Google and Android companies to fix and patch the problem.
