Old Android vulnerability unearthed by Trend Micro could make your Android device silent and unresponsive
Security firm Trend Micro has disclosed a vulnerability in Android's mediaserver service that lets malicious code cripple your device, making it silent (no ringtone, text tone, or notification sounds can be heard) and completely unresponsive (meaning a locked device cannot be unlocked). The vulnerability is present in Android versions from v4.3 (Jelly Bean) all the way through v5.1.1 (Lollipop). It has yet to be patched, although the Android engineering team acknowledged it as a "low priority" vulnerability at the end of May.

Trend Micro explains that the mediaserver service, where the vulnerability resides, is used by Android to index the media files on the device's storage. If an MKV video file is malformed in the right way, it will crash the service and the rest of the operating system when the service attempts to process it. This can be exploited in multiple ways, depending on the attacker's creativity and intent. Trend Micro gives two examples: an app with an embedded malicious MKV file that starts when the device boots, or a specially engineered website.

The firm has demonstrated the latter approach in a video. Although the mobile version of Chrome disables the preloading and autoplay of video files, the browser still reads the malicious MKV file until the mediaserver service crashes. The malformed file triggers an integer buffer overflow, which crashes the system.
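The article names an integer overflow during MKV parsing but not the field involved, so the following is an added illustration of that bug class and its fix, not code from Trend Micro or Android. It decodes the EBML variable-length integers that MKV uses for element IDs and sizes, then contrasts a bounds check whose 32-bit sum can wrap with one that cannot. All function names and sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode an EBML variable-length integer (MKV IDs/sizes); 0 = invalid. */
static size_t ebml_read_vint(const uint8_t *p, size_t avail, uint64_t *out)
{
    if (avail == 0 || p[0] == 0) return 0;       /* widths over 8 bytes rejected */
    size_t len = 1;
    for (uint8_t mask = 0x80; !(p[0] & mask); mask >>= 1) len++;
    if (len > avail) return 0;                   /* truncated field */
    uint64_t v = p[0] & (0xFFu >> len);          /* drop the width marker bit */
    for (size_t i = 1; i < len; i++) v = (v << 8) | p[i];
    *out = v;
    return len;
}

/* Unsafe pattern: the 32-bit sum wraps, so a huge declared size passes. */
static int payload_fits_unsafe(uint32_t off, uint32_t size, uint32_t buf_len)
{ return (uint32_t)(off + size) <= buf_len; }

/* Hardened: compare against the bytes remaining; nothing here can wrap. */
static int payload_fits(size_t off, uint64_t size, size_t buf_len)
{ return off <= buf_len && size <= (uint64_t)(buf_len - off); }

/* Returns 1 only if the element at off lies entirely inside buf. */
static int element_in_bounds(const uint8_t *buf, size_t len, size_t off)
{
    uint64_t id, size;
    if (off > len) return 0;
    size_t n = ebml_read_vint(buf + off, len - off, &id);
    if (n == 0 || n > 4) return 0;               /* IDs are at most 4 bytes */
    off += n;
    n = ebml_read_vint(buf + off, len - off, &size);
    if (n == 0) return 0;
    return payload_fits(off + n, size, len);
}

/* Constructed samples: 1-byte ID 0xA3, then a size field, then payload. */
static const uint8_t ok_elem[]  = {0xA3, 0x83, 0x01, 0x02, 0x03};             /* size 3 */
static const uint8_t bad_elem[] = {0xA3, 0x08, 0xFF, 0xFF, 0xFF, 0xFF, 0x00}; /* size 0xFFFFFFFF */

int main(void)
{
    printf("ok=%d bad=%d unsafe=%d\n", element_in_bounds(ok_elem, sizeof ok_elem, 0),
           element_in_bounds(bad_elem, sizeof bad_elem, 0),
           payload_fits_unsafe(6, 0xFFFFFFFFu, sizeof bad_elem));
    return 0;
}
```

The EBML "unknown size" reserved value is not special-cased here; a parser that accepts it needs its own upper bound from the enclosing element.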


source: Trend Micro

14 Comments

1. mostafawael.1998

Posts: 241; Member since: Oct 01, 2014

Damn!!! We just got cured from the Stagefright vulnerability. Now this s**t! And yet they still recognize it as a low-priority task!

6. RebelwithoutaClue unregistered

Of course they gave this low-priority. Since the impact is negligible. It doesn't compromise security, your files are safe. And to solve it, you need to reboot and delete the file and everything is ok. So why should they give this a high-prio?

7. RebelwithoutaClue unregistered

Also you would have to open/download the file yourself. So don't accept mkv files from people/sites you don't know/trust and open them. Problem solved.

13. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

Actually Chrome loads the mkv in the background, once it is processed whether it is played or not....boom it's frozen. Basically the workaround, which I find ludicrous, is to not preload anything and have to always click on download.....

2. ruwie

Posts: 103; Member since: Sep 25, 2014

Popular OSes tend to be attacked by those insecure people

3. vivaapple

Posts: 31; Member since: Jun 02, 2015

That is the beauty of android.. There are too many compatible hack attacks and malware out there with this OS. thumbs up

8. sgodsell

Posts: 6902; Member since: Mar 16, 2013

Oh and like your Apple has NO attacks and malware. Please get real.

4. hortizano

Posts: 294; Member since: May 22, 2013

And with the public display of the vulnerability by PhoneArena it will get the attention and exploit it deserves!!

5. isprobi

Posts: 797; Member since: May 30, 2011

Another reason to buy a BlackBerry and why BlackBerry should never release an Android phone.

9. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

You can buy a BlackBerry phone. It's an open market.

10. nodes

Posts: 1152; Member since: Mar 06, 2014

Even without this vulnerability, my phone is silent and unresponsive.

11. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

Not surprising that your iPhone 5s is unresponsive. Apple kills support for their older phones with software upgrades.

12. nodes

Posts: 1152; Member since: Mar 06, 2014

Of course I referred to my other device that I had, the LG G2. My iPhone 5S runs super fine with the latest iOS, even my mom's old iPhone 5 runs better with the latest iOS than the LG G2. That's why I gave up the LG G2, despite it being of the same generation.

14. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

Your LG phone is also crap, so are your iPhones, otherwise you wouldn't be in the forum complaining about it. All the devices I own are sweet; that extends to Apple, Windows and Android devices. It's their user that is stupid. Who asked you to buy them in the first place?
