Tag Archives: Android

Keep An Eye On Anyone Using This Spy Phone App

In this security-conscious age, there is no such thing as privacy anymore. Each day brings new revelations about password breaches by hackers and about government surveillance. Amid all this confusion and Snowden’s claim that the government is watching every aspect of your personal life, there is a rise in apps and software being used to spy on a spouse. According to a study, the number of spy phone apps is increasing exponentially on Android Play Store and Apple Store.

These apps lie in a gray area where moral and legal obligations collide. But at the same time, these apps could be used to have some healthy fun or play pranks on your friends. There are numerous spy phone apps available, but here I am going to tell you about the best one. This spy phone app will let you stream the content of your phone camera to your PC, thus making your phone a spy camera. The app I am going to describe is named Camera Stream and is available on Google Play Store. Although this spy phone app doesn’t provide a high-quality HD video feed, it is pretty handy and useful. Read the following simple steps to learn more about the app and how it works.

Step 1:

First you need to download and install the Camera Stream app on your Android phone.



Step 2:

Once the Camera Stream app is installed on your phone, you need to connect the phone to a WiFi network. A connection to a WiFi network is required to assign an IP address to your Android phone.


Step 3:

Now open the Camera Stream app; you will see three options there. Head to the Settings. You can change the port number from here, but I recommend leaving it at the default. You can set the username and password of your choice to secure the stream. You can also switch the flashlight on or off from here to get a clear stream at night.

Step 4: 

Now connect your computer or smartphone to the same WiFi network to which your phone is already connected and enter the URL (available at top) in your browser to watch the stream with the help of this spy phone app.


Now put your smartphone wherever you want to spy and you are good to go. The video quality is not that great, but it is satisfactory given that this spy phone app is free.


Silent Attack vulnerability can make 500 million Android smartphones go lifeless

Researchers from TrendMicro Labs have discovered a strange vulnerability in Android devices which, if exploited, renders them silent. Silent here means that the vulnerability makes the exploited Android smartphone go lifeless: it is unable to make or receive calls, and its screen is lifeless.

The Trend MicroLabs website says that this vulnerability is present in all Android smartphones and tablets from version Android 4.3 Jelly Bean to Android 5.1.1 (Lollipop). Trend has not clarified whether the current Android M version is susceptible to the attack.

The versions Android 4.3 to Android 5.1.1 (Jelly Bean to Lollipop) are used in almost half of the Android smartphones in circulation, which means that almost 500 million Android smartphones are affected by this vulnerability.

The Silent Attack

This vulnerability can be exploited in two ways: either via a malicious app installed on the device, or through a specially-crafted website hosting the PoC code.

The first technique can cause long-term effects on the Android device: if the victim installs an app with an embedded MKV file, and that app registers itself to auto-start whenever the Android smartphone is booted, the exploit will be triggered on every boot, crashing the device.

In the second technique, the exploit is triggered when the Android smartphone owner visits a malformed website hosting the code or the device is made to visit such a website.

Trend Micro researchers say that the vulnerability lies in the mediaserver service, which is used by Android to index media files that are located on the Android device.

Once the attacker sends a malformed video file to the Android device, the mediaserver service cannot process the video, which uses the Matroska container (the format used by files with the .mkv extension).

Because of its inability to process the malformed MKV file, the service may crash, rendering the device lifeless.

The vulnerability is caused by an integer overflow when the mediaserver service parses an MKV file. It reads memory out of buffer or writes data to NULL address when parsing audio data.

The source code below – found in the frameworks/av/media/libstagefright/matroska/MatroskaExtractor.cpp file – shows the vulnerability in detail:

    size_t offset = 1;
    size_t len1 = 0;
    // codecPrivate is controlled by the MKV file
    while (offset < codecPrivateSize && codecPrivate[offset] == 0xff) {
        len1 += 0xff;
        ++offset;
    }
    if (offset >= codecPrivateSize) {
        return ERROR_MALFORMED;
    }
    len1 += codecPrivate[offset++];

    size_t len2 = 0;
    while (offset < codecPrivateSize && codecPrivate[offset] == 0xff) {
        len2 += 0xff;
        ++offset;
    }
    if (offset >= codecPrivateSize) {
        return ERROR_MALFORMED;
    }
    len2 += codecPrivate[offset++];

    // len1 or len2 may be 0xffffffff, in which case the sum overflows
    if (codecPrivateSize < offset + len1 + len2) {
        return ERROR_MALFORMED;
    }

    if (codecPrivate[offset] != 0x01) {
        return ERROR_MALFORMED;
    }
    meta->setData(kKeyVorbisInfo, 0, &codecPrivate[offset], len1); // crash here
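The check `codecPrivateSize < offset + len1 + len2` in the excerpt can be written so that it cannot wrap. The block below is an added example, not code from AOSP or Trend Micro: the function names are hypothetical, `size_t` is modelled as `uint32_t` (an assumed 32-bit build), and the sample buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* The excerpt's check; returns 1 when input is rejected. The sum can wrap. */
int rejects_wrapping(uint32_t size, uint32_t off, uint32_t len1, uint32_t len2) {
    return size < off + len1 + len2;
}

/* Overflow-safe form: subtract from what remains instead of adding lengths. */
int rejects_safe(uint32_t size, uint32_t off, uint32_t len1, uint32_t len2) {
    if (off > size) return 1;
    uint32_t remaining = size - off;
    if (len1 > remaining) return 1;
    return len2 > remaining - len1;
}

/* Reads one laced length (run of 0xff bytes, then a final byte) and fails
 * as soon as the running total could no longer fit inside the buffer. */
static int read_laced(const uint8_t *p, uint32_t size, uint32_t *off, uint32_t *len) {
    uint32_t total = 0;                       /* invariant: total <= size */
    for (;;) {
        if (*off >= size) return -1;          /* ran off the end */
        uint32_t b = p[(*off)++];
        if (size - total < b) return -1;      /* total + b would exceed size */
        total += b;
        if (b != 0xff) break;
    }
    *len = total;
    return 0;
}

/* Hardened equivalent of the excerpt: 0 on success, -1 on malformed input. */
int parse_vorbis_private(const uint8_t *p, uint32_t size,
                         uint32_t *len1, uint32_t *len2, uint32_t *off) {
    *off = 1;                                 /* same starting offset as the excerpt */
    if (read_laced(p, size, off, len1) != 0) return -1;
    if (read_laced(p, size, off, len2) != 0) return -1;
    if (rejects_safe(size, *off, *len1, *len2)) return -1;
    if (*off >= size || p[*off] != 0x01) return -1;  /* bounds-check before reading */
    return 0;
}

int main(void) {
    const uint8_t ok[] = {0x02, 0x02, 0x03, 0x01, 0xAA, 0x05, 0, 0}; /* constructed */
    uint32_t l1, l2, off;
    printf("wrapping check rejects: %d, safe check rejects: %d\n",
           rejects_wrapping(64, 3, 0xFFFFFFFFu, 0), rejects_safe(64, 3, 0xFFFFFFFFu, 0));
    return parse_vorbis_private(ok, sizeof ok, &l1, &l2, &off);
}
```

With a length of 0xffffffff the additive check accepts the input because the sum wraps to a small value, while the subtractive check rejects it.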

Proof Of Concept

The Proof of Concept (PoC) app is given by Trend Micro and reproduced below. It includes a malformed MKV file (res/raw/crash.mkv) to demonstrate how this attack functions. Once the app is started, the mediaserver service will keep crashing.


Figure 1. The mediaserver service continuously restarting after the exploit is triggered

This will cause the device to become totally silent and non-responsive. This means that:

  • No ring tone, text tone, or notification sounds can be heard. The user will have no idea of an incoming call/message, and cannot even accept a call. Neither party will hear the other.
  • The UI may become very slow to respond, or completely non-responsive. If the phone is locked, it cannot be unlocked.

In many ways this vulnerability is similar to the Stagefright attack we reported yesterday. The Stagefright attack is also triggered by the specific way in which the Android OS ecosystem handles media files. The differences are that the Stagefright vulnerability affects nearly all Android smartphones while the Silent attack vulnerability affects only versions from Jelly Bean to Lollipop, and in how each vulnerability handles the media files.

Trend MicroLabs says they informed Google (Android Engineering Team) about the vulnerability in May 2015, but as of now no patch has been issued in the Android Open Source Project (AOSP) code by the Android Engineering Team to fix this vulnerability.