
Warning: Crazy new Android security flaw can render your phone completely lifeless

Published Jul 30th, 2015 9:55AM EDT


Another day, another Android vulnerability. Just days after researchers disclosed an MMS-based Android vulnerability that potentially puts 950 million Android devices at risk, a different group of researchers has come forward with yet another Android-based security exploit.

The latest Android vulnerability affects more than half of all Android devices in circulation today and has the potential to render handsets completely inert, which is to say infected phones cannot make calls or receive any other type of notification. What’s more, the screen itself may become lifeless, effectively turning Android phones into expensive screen savers.


The exploit, discovered by researchers at Trend Micro, can be triggered either via a malicious app or via a “specially-crafted website.” Devices vulnerable to the attack include handsets running Android 4.3 (Jelly Bean) or above.

As for how the exploit works, well, it’s time to get technical. The researchers describe the basis for the vulnerability as follows:

The vulnerability lies in the mediaserver service, which is used by Android to index media files that are located on the Android device. This service cannot correctly process a malformed video file using the Matroska container (usually with the .mkv extension). When the process opens a malformed MKV file, the service may crash (and with it, the rest of the operating system).

The vulnerability is caused by an integer overflow when the mediaserver service parses an MKV file. It reads memory out of buffer or writes data to NULL address when parsing audio data.
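The class of bug described above, a declared size whose arithmetic wraps before the bounds check, can be shown with Matroska's variable-length element sizes. This is an added example, not mediaserver's code or the researchers' proof of concept; the function names, the 32-bit weak check and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode an EBML variable-length size at buf[*pos]. Returns 0 on success. */
static int read_vint(const uint8_t *buf, size_t len, size_t *pos, uint64_t *out) {
    if (*pos >= len || buf[*pos] == 0) return -1;   /* empty or no length marker */
    uint8_t first = buf[*pos];
    size_t n = 1;
    while (!(first & (0x80u >> (n - 1)))) n++;      /* marker bit position = width */
    if (n > len - *pos) return -1;                  /* size field itself truncated */
    uint64_t v = first & (0xFFu >> n);              /* strip the marker bit */
    for (size_t i = 1; i < n; i++) v = (v << 8) | buf[*pos + i];
    *pos += n;
    *out = v;
    return 0;
}

/* Weak check: the 32-bit sum wraps, so a huge declared size looks in-bounds. */
static int fits_unsafe(uint32_t pos, uint32_t size, uint32_t len) {
    return (uint32_t)(pos + size) <= len;
}

/* Hardened check: compare against the bytes remaining; nothing can wrap. */
static int fits_safe(size_t pos, uint64_t size, size_t len) {
    return pos <= len && size <= (uint64_t)(len - pos);
}

/* Validate one element (1-byte ID + vint size); 0 if the payload fits. */
static int check_element(const uint8_t *buf, size_t len, uint64_t *size) {
    size_t pos = 1;                                 /* skip the 1-byte element ID */
    if (read_vint(buf, len, &pos, size) != 0) return -1;
    return fits_safe(pos, *size, len) ? 0 : -1;
}

/* Constructed samples: a well-formed element and one declaring 0xFFFFFFFF bytes. */
static const uint8_t GOOD[] = {0xA3, 0x83, 'a', 'b', 'c'};
static const uint8_t BAD[]  = {0xA3, 0x08, 0xFF, 0xFF, 0xFF, 0xFF, 'a'};

int main(void) {
    uint64_t size = 0;
    printf("good: %d\n", check_element(GOOD, sizeof GOOD, &size));
    printf("bad:  %d\n", check_element(BAD, sizeof BAD, &size));
    printf("unsafe check accepts bad: %d\n", fits_unsafe(6, 0xFFFFFFFFu, 7));
    return 0;
}
```

A parser that rejects the element at this point never reaches the read or write that would otherwise run past the buffer.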

To highlight how the exploit works, researchers developed a proof-of-concept mobile app and website to better demonstrate what happens when a device becomes infected.

A video demonstration of the process can be seen below.

While users can of course steer clear of questionable apps, avoiding malicious websites can be a bit more challenging given the lengths some hackers will go to lure or trick users onto an ostensibly safe website.

“Whatever means is used to lure in users, the likely payload is the same,” the researchers write. “Ransomware is likely to use this vulnerability as a new “threat” for users: in addition to encrypting on the device being encrypted, the device itself would be locked out and unable to be used. This would increase the problems the user faces and make them more likely to pay any ransom.”

The researchers further note that they reported the aforementioned vulnerability to Google in mid-May. A few days later Google acknowledged the report and categorized it as a “low priority.”

Yoni Heisler Contributing Writer
