A Bug that can Brick your Android Phone
It's not a good week for owners of mobile devices running Google's Android operating system: a newly discovered bug could render your phone dead and unusable.
Security vendor Trend Micro said the vulnerability, when exploited, threatens to render the phone silent and its screen lifeless.
"This vulnerability is present from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop). Combined, these versions account for more than half of Android devices in use today," mobile threat response engineer Wish Wu said in a blog post.
Worse, Wu said the Android engineering team has yet to issue a patch even though it was informed as early as May.
According to Wu, Trend Micro reported the vulnerability to Google on May 15, and Google acknowledged the report as a "low priority vulnerability" on May 20.
Earlier this week, Motherboard quoted security researcher Joshua Drake as saying a texting bug may leave Android users prone to attacks from hackers.
Drake said the bug is found in an Android media playback engine called Stagefright.
"This vulnerability can be triggered while you sleep... Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual—with a trojaned phone," Drake said.
Both bugs are related in that they are based on the way Android handles media files.
Trend Micro said the more recent bug can be exploited via a specially crafted MKV media file.
Trend Micro said the newly discovered vulnerability can be exploited either via a malicious app installed on the device, or through a specially-crafted web site.
It said the malicious app can cause long-term effects to the device: an app with an embedded MKV file that registers itself to auto-start whenever the device boots would cause the OS to crash every time it is turned on.
Trend Micro said the bug, once exploited, can cause the device "to become totally silent and non-responsive."
"No ring tone, text tone, or notification sounds can be heard. The user will have no idea of an incoming call/message, and cannot even accept a call. Neither party will hear each other.
The UI may become very slow to respond, or completely non-responsive. If the phone is locked, it cannot be unlocked," it said.
It also said this exploit could pave the way for ransomware.
"Further research into Android – especially the mediaserver service – may find other vulnerabilities that could have more serious consequences to users, including remote code execution," Wu said.