Security researchers have developed an attack that can put a little more than 50 percent of all Android devices in a near-dead state, in which the device is unable to perform its most basic tasks.
The vulnerability lies within the mediaserver service, which Android uses to index media files on the device. It could most easily be exploited by tricking a victim into visiting a malicious domain. On the bright side, the phone can be revived by simply restarting it. However, according to security firm Trend Micro, the flaw can also be exploited by malicious apps, meaning an app on the device could be set to start every time the device boots, putting the phone in a near-unusable state.
Trend Micro’s Mobile Threat Response Engineer, Wish Wu, wrote in the blog post:
“The vulnerability lies in the mediaserver service, which is used by Android to index media files that are located on the Android device. This service cannot correctly process a malformed video file using the Matroska container (usually with the .mkv extension). When the process opens a malformed MKV file, the service may crash (and with it, the rest of the operating system).
“The vulnerability is caused by an integer overflow when the mediaserver service parses an MKV file. It reads memory out of buffer or writes data to NULL address when parsing audio data.”
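The quote above attributes the crash to an integer overflow while parsing an MKV file. As an added illustration of that class of bug (not Trend Micro's proof of concept and not the actual mediaserver code, whose details the article does not give), this C example decodes a Matroska/EBML element size and contrasts a bounds check that wraps in 32-bit arithmetic with one that cannot. All function names and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Decode an EBML variable-length size field (Matroska's element-size
 * encoding). Returns bytes consumed, or 0 if malformed or truncated. */
static size_t ebml_read_size(const uint8_t *p, size_t avail, uint64_t *out)
{
    if (avail == 0 || p[0] == 0) return 0;   /* empty, or wider than 8 bytes */
    size_t len = 1;
    uint8_t mask = 0x80;
    while (!(p[0] & mask)) { mask >>= 1; len++; }
    if (len > avail) return 0;               /* size field is cut off */
    uint64_t v = p[0] & (uint8_t)(mask - 1); /* drop the length marker bit */
    for (size_t i = 1; i < len; i++) v = (v << 8) | p[i];
    *out = v;
    return len;
}

/* Unsafe pattern: the end offset is computed in 32 bits, so a huge
 * declared size wraps around and the bounds check passes. */
static int payload_fits_unsafe(uint32_t off, uint64_t declared, uint32_t buf_len)
{
    uint32_t end = off + (uint32_t)declared;
    return end <= buf_len;
}

/* Hardened pattern: compare the declared size with the bytes that remain;
 * there is no addition, so nothing can wrap. */
static int payload_fits_safe(size_t off, uint64_t declared, size_t buf_len)
{
    return off <= buf_len && declared <= (uint64_t)(buf_len - off);
}

/* Constructed sample: 1-byte element ID, then an 8-byte size field that
 * declares 0xFFFFFFFC payload bytes while only 7 bytes follow. */
static const uint8_t SAMPLE[16] = {
    0xA3, 0x01, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0xFC, 0, 0, 0, 0, 0, 0, 0 };

/* Returns 1 if the payload is accepted as in bounds. Assumes a 1-byte
 * element ID for brevity (an assumption of this example). */
static int element_accepted(const uint8_t *buf, size_t len, int hardened)
{
    uint64_t declared = 0;
    size_t n = (len > 1) ? ebml_read_size(buf + 1, len - 1, &declared) : 0;
    if (n == 0) return 0;
    size_t off = 1 + n;
    return hardened ? payload_fits_safe(off, declared, len)
                    : payload_fits_unsafe((uint32_t)off, declared, (uint32_t)len);
}
```

With the constructed sample, the 32-bit check computes an end offset of 5 and accepts the element, while the hardened check rejects it because only 7 bytes remain.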
Android’s latest vulnerability affects versions 4.3 through the latest, 5.1.1, covering a mere half of the entire Android user base. The researchers disclosed the flaw just two days after a separate group of researchers warned that nearly 950 million Android devices could be hijacked by a simple text message. That flaw, dubbed Stagefright, is far more severe, as it allows attackers to steal audio, video, location data and other personal information directly from the device, and even to execute malicious code. What’s even more frightening, as the name suggests, is that it requires no end-user interaction at all to be exploited.
Trend Micro privately disclosed the mediaserver vulnerability to Google in late May, and Google engineers have since acknowledged it as “low priority”, Wu reported.