Trend Micro Finds Mediaserver Bug that Could Crash Android Phones

Just days after researchers found a security flaw that could affect 950 million Android devices, engineers at security software firm Trend Micro have found a new vulnerability that could leave many Android smartphones silent and "apparently dead." The latest vulnerability could affect more than half the 1 billion Android phones currently in use worldwide.

The newly identified threat could be activated in one of two ways: either via a malicious app or by luring users to a malicious Web site, according to Trend Micro. The vulnerability could leave phones silent, unable to make calls, and with lifeless screens.

Like the Stagefright vulnerability revealed earlier this week by enterprise mobile security firm Zimperium, this new threat is triggered when an Android device handles media files. Trend Micro said the latest vulnerability affects devices running Android 4.3 and up, including Android 5.1.1, the current version of the mobile operating system.

Mediaserver and OS Crash

The newly identified vulnerability lies in the mediaserver service used by Android to index media files, mobile threat response engineer Wish Wu said yesterday on Trend Micro's security intelligence blog. When an Android device encounters a malformed video file using the Matroska container, which is usually identified with the extension .mkv, its mediaserver service can crash, bringing the rest of the device's operating system with it.

"Once the app is started, the mediaserver service will keep crashing," Wu said. "This will cause the device to become totally silent and non-responsive." In addition to leaving a phone without ring tones, text tones and notification sounds, the user interface might also become "very slow to respond, or completely non-responsive," Wu said. Locked phones that are affected cannot be unlocked, Wu added.

Wu noted that Trend Micro reported the vulnerability to Google's Android engineering team, which maintains the Android Open Source Project,...
