Android Security Bug Can Put Your Phone In A Coma

Mike Moore,

Vulnerability could affect up to half of the Android devices out today, Trend Micro claims

Android phone users are being warned about a new security vulnerability that can turn their phone into a silent brick.

The flaw, uncovered by security researchers at Trend Micro, exploits a bug in the mediaserver service that can be used to crash the phone, rendering it unusable until the user reboots the device (as pictured below).

The vulnerability is thought to affect any devices running Android versions from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop), which when combined, make up more than half of Android devices in use today.

Trend Micro says it first reported the vulnerability to Google back in May, but as yet there has been no patch issued to fix the flaw.

Silent

trend micro mobile-shutdown-2The researchers report that the vulnerability can get on to a user’s device either through installing a malicious app or through a specially-crafted web site.

The former can cause long-term effects to the device, as the app includes an embedded MKV file that registers itself to auto-start whenever the device boots, making the Android operating system to crash every time it is turned on, rendering the device practically unusable.

The mediaserver service is a part of Android that is used to index media files that are located on the device. As mentioned above, the vulnerability uses a cracked MKV file, which the service is unable to open and causes it (and the rest of the Android operating system) to crash.

This then renders the device totally silent and non-responsive, meaning that no ring tone, text tone, or notification sounds can be heard. The user will have have no idea of an incoming call/message, and cannot even accept a call. Neither party will hear each other.

The UI may also become very slow to respond, or completely non-responsive, and if the phone is locked, it cannot be unlocked.

“We discovered this vulnerability and reported it to Google on May 15,” David Nicholds, solution engineer at Trend Micro told TechWeekEurope. “This problem affects around 950 million Android devices in circulation right now which run Android v4.3 to v5.1.1. These devices can be infected through a simple text message that links to a malicious website, or to the installation of a malicious application”.

Trend Micro likens this new flaw to the recently discovered Stagefright vulnerability, as both can be triggered when Android handles media files, although the way these files reach the user differs. The researchers also say the vulnerability could be used to build ransomware attacks by cybercriminals, who lock users out of their devices before demanding money to ‘release’ it back to them.

Are you a security pro? Try our quiz!