Android takes another blow

Trend Micro researcher finds flaw that could render an Android phone 'apparently dead'

This has not been a good week for Android. First, security firm Zimperium uncovered a vulnerability that affects close to 1 billion Android phones, which could enable an attacker to gain control of a compromised device by simply sending a text.

Then, a researcher from Trend Micro reported a flaw in Android's mediaserver service, which an attacker could exploit to render an Android phone "apparently dead – silent, unable to make calls, with a lifeless screen."

This vulnerability affects phones running Android 4.3 and higher, more than 50 percent of Android phones in use. While Trend Micro informed Android Engineering Team of the vulnerability in May, no patch has yet been issued, according to the post written by Trend Micro mobile threat response engineer Wish Wu.

There are two attack vectors to exploit the flaw in the mediaserver service, which is used by Android to index media files – either by installing "a malicious app on the device or by visiting a specially crafted website."

The first vector is particularly nasty. The "app with an embedded MKV file that registers itself to auto-start whenever the device boots would cause the OS to crash every time it is turned on," Wu related.

This is because the "service cannot correctly process a malformed video file using the Matroska container (usually with the .mkv extension). When the process opens a malformed MKV file, the service may crash (and with it, the rest of the operating system)," Wu wrote.

Among other things, Wu said the vulnerability could be exploited by a ransomware attack in which the attackers would make the phone unusable in addition to encrypting the data on the phone, making the victim more likely to pay the ransom.

For more:
- read Wu's blog post

Related Articles:
Close to 1B Android devices vulnerable to devastating text-based attack, warns Zimperium
Hacking Team breach discloses Android exploit that tricked Google Play security
Attackers could exploit hole in Android Instapaper app to steal credentials