
Android Security Bug Can Put Your Phone In A Coma

Android phone users are being warned about a new security vulnerability that can turn their phone into a silent brick.

The flaw, uncovered by security researchers at Trend Micro, exploits a bug in the mediaserver service that can be used to crash the phone, rendering it unusable until the user reboots the device (as pictured below).

The vulnerability is thought to affect any device running Android versions from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop), which, when combined, make up more than half of Android devices in use today.

Trend Micro says it first reported the vulnerability to Google back in May, but as yet there has been no patch issued to fix the flaw.

Silent

The researchers report that the vulnerability can get on to a user’s device either through installing a malicious app or through a specially-crafted web site.

The former can cause long-term effects to the device, as the app includes an embedded MKV file and registers itself to auto-start whenever the device boots, causing the Android operating system to crash every time it is turned on and rendering the device practically unusable.

The mediaserver service is a part of Android that is used to index media files that are located on the device. As mentioned above, the vulnerability uses a cracked MKV file, which the service is unable to open, causing it (and the rest of the Android operating system) to crash.

This then renders the device totally silent and non-responsive, meaning that no ring tone, text tone, or notification sounds can be heard. The user will have no idea of an incoming call or message, and cannot even accept a call. Neither party will hear the other.

The UI may also become very slow to respond, or completely non-responsive, and if the phone is locked, it cannot be unlocked.

“We discovered this vulnerability and reported it to Google on May 15,” David Nicholds, solution engineer at Trend Micro, told TechWeekEurope. “This problem affects around 950 million Android devices in circulation right now which run Android v4.3 to v5.1.1. These devices can be infected through a simple text message that links to a malicious website, or to the installation of a malicious application”.

Trend Micro likens this new flaw to the recently discovered Stagefright vulnerability, as both can be triggered when Android handles media files, although the way these files reach the user differs. The researchers also say the vulnerability could be used by cybercriminals to build ransomware attacks, in which they lock users out of their devices before demanding money to ‘release’ them.


Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.
