Android Security Bug Can Put Your Phone In A Coma

Android phone users are being warned about a new security vulnerability that can turn their phone into a silent brick.

The flaw, uncovered by security researchers at Trend Micro, exploits a bug in the mediaserver service that can be used to crash the phone, rendering it unusable until the user reboots the device (as pictured below).

The vulnerability is thought to affect any device running Android versions from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop), which, when combined, make up more than half of Android devices in use today.

Trend Micro says it first reported the vulnerability to Google back in May, but as yet there has been no patch issued to fix the flaw.

Silent

The researchers report that the vulnerability can get on to a user’s device either through installing a malicious app or through a specially-crafted web site.

The former can have long-term effects on the device, as the app includes an embedded MKV file that registers itself to auto-start whenever the device boots, causing the Android operating system to crash every time it is turned on and rendering the device practically unusable.

The mediaserver service is a part of Android that is used to index media files that are located on the device. As mentioned above, the vulnerability uses a cracked MKV file, which the service is unable to open, causing it (and the rest of the Android operating system) to crash.

This then renders the device totally silent and non-responsive, meaning that no ring tone, text tone, or notification sounds can be heard. The user will have no idea of an incoming call or message, and cannot even accept a call. Neither party will hear the other.

The UI may also become very slow to respond, or completely non-responsive, and if the phone is locked, it cannot be unlocked.

“We discovered this vulnerability and reported it to Google on May 15,” David Nicholds, solution engineer at Trend Micro, told TechWeekEurope. “This problem affects around 950 million Android devices in circulation right now which run Android v4.3 to v5.1.1. These devices can be infected through a simple text message that links to a malicious website, or to the installation of a malicious application”.

Trend Micro likens this new flaw to the recently discovered Stagefright vulnerability, as both can be triggered when Android handles media files, although the way these files reach the user differs. The researchers also say the vulnerability could be used by cybercriminals to build ransomware attacks, locking users out of their devices before demanding money to ‘release’ them.

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.
