Android's Performance Anxiety: An In-Depth Analysis of the Stagefright Bugs

Abstract

Stagefright is the collective group of bugs in the Android operating system from versions 2.2 to 5.1.1. Discovered in mid 2015, these vulnerabilities still exist in approximately 1 billion devices that have yet to receive the appropriate patches and updates. Given its large presence in the mobile market and its impact on Android mobile security, this thesis aims to present an in-depth study of each of the vulnerabilities. We begin with an analysis of the vulnerable code across versions 4.4.4, 5.1.1 and 6.0.0, and provide explanations as to what causes the weaknesses in the code. The existence of the bugs, as well as proof of concepts of their exploits are presented, and an analysis of the results is provided. We also briefly discuss the implications of our results on new related vulnerabilities that exist in Android version 6.0.