
Android Security Bug Can Put Your Phone In A Coma

Android phone users are being warned about a new security vulnerability that can turn their phone into a silent brick.

The flaw, uncovered by security researchers at Trend Micro, exploits a bug in the mediaserver service that can be used to crash the phone, rendering it unusable until the user reboots the device (as pictured below).

The vulnerability is thought to affect any device running Android versions from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop), which, when combined, make up more than half of Android devices in use today.

Trend Micro says it first reported the vulnerability to Google back in May, but as yet there has been no patch issued to fix the flaw.

Silent

The researchers report that the vulnerability can be exploited on a user’s device either through a malicious app that the user installs or through a specially crafted website.

The former can cause long-term effects to the device, as the app includes an embedded MKV file and registers itself to auto-start whenever the device boots, causing the Android operating system to crash every time it is turned on and rendering the device practically unusable.

The mediaserver service is a part of Android that is used to index media files that are located on the device. As mentioned above, the vulnerability uses a malformed MKV file, which the service is unable to open, causing it (and the rest of the Android operating system) to crash.

This then renders the device totally silent and non-responsive, meaning that no ring tone, text tone, or notification sounds can be heard. The user will have no idea of an incoming call or message, and cannot even accept a call. Neither party will hear the other.

The UI may also become very slow to respond, or completely non-responsive, and if the phone is locked, it cannot be unlocked.

“We discovered this vulnerability and reported it to Google on May 15,” David Nicholds, solution engineer at Trend Micro, told TechWeekEurope. “This problem affects around 950 million Android devices in circulation right now which run Android v4.3 to v5.1.1. These devices can be infected through a simple text message that links to a malicious website, or to the installation of a malicious application”.

Trend Micro likens this new flaw to the recently discovered Stagefright vulnerability, as both can be triggered when Android handles media files, although the way these files reach the user differs. The researchers also say the vulnerability could be used by cybercriminals to build ransomware attacks, in which they lock users out of their devices before demanding money to ‘release’ the devices back to them.

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.
