Phones will go silent, screens dark.
By Raif Karerat
WASHINGTON, DC: The latest security flaw uncovered within Android could leave smartphones running the operating system in an effective coma.
Just days after news broke that a security threat to Android’s Stagefright coding could affect as many as 950 million handsets, Trend Micro has uncovered a bug that can make phones go silent and screens go dark.
The flaw is said to affect devices running Android 4.3 Jelly Bean up to the latest version, Android 5.1.1 Lollipop.
By either installing a malicious app on an Android device, or directing users to a nefarious website, hackers can cause an Android device to become “apparently dead — silent, unable to make calls, with a lifeless screen,” Trend Micro explained. If the exploit is installed through an app, it can auto-start whenever the device boots, causing Android to crash every time the device is powered on.
“The first technique can cause long-term effects to the device: an app with an embedded MKV file that registers itself to auto-start whenever the device boots would cause the OS to crash every time it is turned on,” Trend Micro reported.”In some ways, this vulnerability is similar to the recently discovered Stagefright. Both are triggered when Android handles media files, although the way these files reach the user differs.”
Trend Micro reported to flaw in May, it said, but Google assigned it a low priority.
“Further research into Android — especially the mediaserver service — may find other vulnerabilities that could have more serious consequences to users, including remote code execution,” the Trend Micro researchers said.
Joshua Drake, the security researcher who recently found the critical vulnerabilities in Android’s Stagefright multimedia framework, described the component’s code as “not very mature” and its security flaws as “beginner-ish,” according to PC World.