Security researchers have found another critical Android phone vulnerability that could potentially be exploited by malicious hackers. Security firm Trend Micro found a security vulnerability in Android’s mediaserver component. Trend Micro’s Wish Wu, a mobile threat response engineer, detailed the newly discovered vulnerability in a report.
The vulnerability appears to be present from Android 4.3 Jelly Bean to the current version, Android 5.1.1 Lollipop. According to Google’s Android distribution numbers, almost 90 percent of Android devices are currently running these versions. Unlike the recently discovered Stagefright vulnerability, this vulnerability requires more action on the part of the user. The new issue requires installing a malicious app or visiting a suspicious website.
Wu said in the report, “The vulnerability lies in the mediaserver service, which is used by Android to index media files that are located on the Android device. This service cannot correctly process a malformed video file using the Matroska container (usually with the .mkv extension). When the process opens a malformed MKV file, the service may crash (and with it, the rest of the operating system).”
The vulnerability could render the device unresponsive and completely silent with a malformed MKV media file. When mediaserver scans a malformed MKV video file, a service crash is triggered that takes down the rest of the system with it. This could effectively lock the user out of his or her device.
Android phones attacked this way lose their ability to project notifications and sounds. The user is unable to accept a call or hear other parties. The Android phone may become unresponsive and if the phone is locked when that happens, there is no way to unlock it.
While the new vulnerability appears to be less serious than the Stagefright vulnerability, Android users still have reason to worry. When exploited, this vulnerability pushes data buffers beyond their secure limits and gives hackers access to restricted parts of a system’s memory. Once the device has been accessed, the hacker can modify how the system normally works.