Android security flaw puts your phone into a completely unresponsive state

By James Lu - on 30 Jul 2015, 10:17am

Researchers at Trend Micro say they have discovered a new video-related security vulnerability that puts your phone into a completely unresponsive state, leaving it unable to make or receive calls and notifications.

Trend Micro says the vulnerability affects all Android smartphones running versions 4.3 up through to the current 5.1.1 - more than half of all Android smartphones.

The vulnerability, which uses a damaged Matroska (MKV) video in an app or website to crash Android's "mediaserver" service, can most easily be exploited by luring a vulnerable phone to a booby-trapped website.

The vulnerability lies in the mediaserver service, which is used by Android to index media files that are located on the Android device. This service cannot correctly process a malformed video file using the Matroska container (usually with the .mkv extension). When the process opens a malformed MKV file, the service may crash (and with it, the rest of the operating system).

The vulnerability is caused by an integer overflow when the mediaserver service parses an MKV file. As a result, the service reads memory outside the buffer or writes data to a NULL address when parsing audio data.
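To make the bug class concrete, here is an added example (not Trend Micro's code and not Android's mediaserver source) of bounds-checking a Matroska/EBML element size so that a huge declared size cannot wrap a length check. The article does not say which field overflows; the size field, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples (not from the article): an EBML size field plus payload. */
const uint8_t GOOD[] = { 0x83, 'a', 'b', 'c' };               /* size = 3 */
const uint8_t BAD[16] = { 0x08, 0xFF, 0xFF, 0xFF, 0xFF };      /* size = 0xFFFFFFFF */

/* Decode an EBML variable-length size; returns bytes consumed, 0 on error. */
size_t ebml_read_size(const uint8_t *p, size_t avail, uint64_t *out)
{
    if (avail == 0 || p[0] == 0) return 0;        /* empty input or width > 8 */
    size_t len = 1;
    uint8_t mask = 0x80;
    while (!(p[0] & mask)) { mask >>= 1; len++; } /* leading zeros give the width */
    if (len > avail) return 0;                    /* size field itself is truncated */
    uint64_t v = p[0] & (uint8_t)(mask - 1);      /* drop the width marker bit */
    for (size_t i = 1; i < len; i++) v = (v << 8) | p[i];
    *out = v;
    return len;
}

/* Overflow-prone check (hypothetical): the 32-bit sum wraps, so a huge size looks small. */
int naive_fits(uint32_t start, uint32_t size, uint32_t buf_len)
{
    return start + size <= buf_len;
}

/* Hardened check (hypothetical helper): off points at the size field; returns 0 and
 * the payload span only if the whole payload lies inside buf, -1 otherwise. */
int element_payload(const uint8_t *buf, size_t buf_len, size_t off,
                    const uint8_t **payload, size_t *payload_len)
{
    uint64_t size;
    if (off > buf_len) return -1;
    size_t n = ebml_read_size(buf + off, buf_len - off, &size);
    if (n == 0) return -1;
    if (size > buf_len - off - n) return -1;      /* compare to what is left; no sum to wrap */
    *payload = buf + off + n;
    *payload_len = (size_t)size;
    return 0;
}

int main(void)
{
    const uint8_t *p; size_t n;
    printf("good: %d\n", element_payload(GOOD, sizeof GOOD, 0, &p, &n));
    printf("bad:  %d (naive check says %d)\n",
           element_payload(BAD, sizeof BAD, 0, &p, &n), naive_fits(5, 0xFFFFFFFFu, 16));
    return 0;
}
```

The hardened check subtracts from the known buffer length instead of adding attacker-controlled values, so there is no intermediate sum that can overflow.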

Fortunately, the fix appears fairly easy: you can revive your phone simply by turning it off and on again. However, according to a blog post on Trend Micro's website, the bug can also be exploited by malicious apps designed to start automatically each time the phone is turned on, causing it to crash shortly after each restart.

According to Trend Micro, it notified Google of this exploit in mid-May, but it was marked "low priority" by Google's engineers.

Source: Trend Micro
