New Android Vulnerability That Kills Devices Discovered

/ 6 years ago

android hack

Following the discovery of the Stagefright vulnerability, another potentially dangerous Android hack has been found. The bug, uncovered by Trend Micro, can leave an Android device effectively dead, killing the screen and all communication functions, including calls, and can be found in Android 4.3 (Jelly Bean) up to the current Android 5.1.1 (Lollipop). Though it was first reported late-May of this year, there has not been a patch fix released through the Android Open Source Project (AOSP) code by the Android Engineering Team.

The fault can be exploited by either a malicious app or a phishing site, using a malicious MKV video file – much like Stagefright, which also used media files to compromise Android operating systems – designed to auto-start whenever the device boots.

As for the technical details, I’ll leave that to Trend Micro:

The vulnerability lies in the mediaserver service, which is used by Android to index media files that are located on the Android device. This service cannot correctly process a malformed video file using the Matroska container (usually with the .mkv extension). When the process opens a malformed MKV file, the service may crash (and with it, the rest of the operating system).

The vulnerability is caused by an integer overflow when the mediaserver service parses an MKV file. It reads memory out of buffer or writes data to NULL address when parsing audio data.

This wil cause the device to become totally silent and non-responsive. This means that:

  • No ring tone, text tone, or notification sounds can be heard. The user will have no idea of an incoming call/message, and cannot even accept a call. Neither party will hear each other.

  • The UI may become very slow to respond, or completely non-responsive. If the phone is locked, it cannot be unlocked.

android killer 1

Short of being careful and vigilant when downloading apps or visiting websites, the vulnerability will remain a potential threat until patched by Google.

Thank you Trend Micro for providing us with this information.

Image courtesy of Ausdroid.

Topics: , , , , , ,


By supporting eTeknix, you help us grow and continue to bring you the latest newsreviews, and competitions. Follow us on FacebookTwitter and Instagram to keep up with the latest technology news, reviews and more. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

Looking for more exciting features on the latest technology? Check out our What We Know So Far section or our Fun Reads for some interesting original features.

eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram

Check out our Latest Video

  • Be Social With eTeknix

    Facebook Twitter YouTube Instagram Reddit RSS Discord Patreon TikTok Twitch
  • Features

Send this to a friend