New Android Vulnerability That Kills Devices Discovered

Following the discovery of the Stagefright vulnerability, another potentially dangerous Android flaw has been found. The bug, uncovered by Trend Micro, can leave an Android device effectively dead, killing the screen and all communication functions, including calls, and affects Android 4.3 (Jelly Bean) up to the current Android 5.1.1 (Lollipop). Though it was first reported in late May of this year, no patch has been released through the Android Open Source Project (AOSP) code by the Android Engineering Team.

The fault can be exploited by either a malicious app or a phishing site, using a malicious MKV video file – much like Stagefright, which also used media files to compromise Android operating systems – designed to auto-start whenever the device boots.

As for the technical details, I’ll leave that to Trend Micro:

The vulnerability lies in the mediaserver service, which is used by Android to index media files that are located on the Android device. This service cannot correctly process a malformed video file using the Matroska container (usually with the .mkv extension). When the process opens a malformed MKV file, the service may crash (and with it, the rest of the operating system).

The vulnerability is caused by an integer overflow when the mediaserver service parses an MKV file. It reads memory out of buffer or writes data to NULL address when parsing audio data.

This will cause the device to become totally silent and non-responsive. This means that:

  • No ring tone, text tone, or notification sounds can be heard. The user will have no idea of an incoming call/message, and cannot even accept a call. Neither party will hear each other.

  • The UI may become very slow to respond, or completely non-responsive. If the phone is locked, it cannot be unlocked.

Short of being careful and vigilant when downloading apps or visiting websites, the vulnerability will remain a potential threat until patched by Google.
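The bug class Trend Micro describes, a declared size from a Matroska file feeding an overflowing bounds calculation, can be screened for before a file reaches a media parser. The following is an added example, not code from Trend Micro, Google or mediaserver; the function names are hypothetical, and it assumes a flat walk over the top-level EBML elements of a buffer without descending into them.

```c
#include <stddef.h>
#include <stdint.h>

/* Decode one EBML variable-length integer, the encoding Matroska uses for
 * element IDs and sizes. Returns bytes consumed, or 0 if malformed/truncated. */
static size_t read_vint(const uint8_t *p, size_t avail, int keep, uint64_t *out)
{
    if (avail == 0 || p[0] == 0) return 0;   /* empty, or width above 8 bytes */
    size_t width = 1;
    uint8_t marker = 0x80;
    while (!(p[0] & marker)) { marker >>= 1; width++; }
    if (width > avail) return 0;
    /* IDs keep the length-marker bit; sizes strip it. */
    uint64_t v = keep ? p[0] : (uint64_t)(p[0] & (marker - 1));
    for (size_t i = 1; i < width; i++)
        v = (v << 8) | p[i];
    *out = v;
    return width;
}

/* The bug class, constructed for contrast: off + size wraps modulo 2^64,
 * so a huge declared size can pass this comparison. */
int fits_unsafe(uint64_t off, uint64_t size, uint64_t len)
{
    return off + size <= len;
}

/* Walk the sibling elements in buf[0..len). Returns the element count, or -1
 * if a header is malformed or declares more payload than the buffer holds. */
int mkv_check_elements(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;
    while (off < len) {
        uint64_t id, size;
        size_t n = read_vint(buf + off, len - off, 1, &id);
        if (n == 0 || n > 4) return -1;      /* Matroska IDs are 1 to 4 bytes */
        off += n;
        size_t m = read_vint(buf + off, len - off, 0, &size);
        /* All value bits set means "unknown size"; rejected here as a
         * conservative choice for a pre-screening check. */
        if (m == 0 || size == (1ULL << (7 * m)) - 1) return -1;
        off += m;
        /* Compare against the bytes left; never compute off + size. */
        if (size > (uint64_t)(len - off)) return -1;
        off += (size_t)size;
        count++;
    }
    return count;
}
```

A file that fails this check should be quarantined rather than handed to the indexing service; a file that passes is only structurally plausible at the top level, not proven safe.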

Thank you Trend Micro for providing us with this information.

Image courtesy of Ausdroid.

Ashley Allen
