Security Experts:

Connect with us

Hi, what are you looking for?



Android Vulnerability Allows Attackers to Crash Smartphones

A vulnerability in the Android mobile operating system can be exploited to cause devices to become inoperable, said researchers from Trend Micro.

A vulnerability in the Android mobile operating system can be exploited to cause devices to become inoperable, said researchers from Trend Micro.

According to experts, the vulnerability affects versions of Android starting with 4.3 Jelly Bean and up to 5.1.1 Lollipop. Roughly half of Android devices are running impacted version of the operating system.

The issue is an integer overflow bug in Android’s “mediaserver” service. The vulnerability is triggered when the service processes a malformed video file using the Matroska container.

“The vulnerability is caused by an integer overflow when the mediaserver service parses an MKV file. It reads memory out of buffer or writes data to NULL address when parsing audio data,” Trend Micro mobile threat response engineer Wish Wu explained in a blog post.

An attacker can leverage the flaw to cause a smartphone to become silent and inoperable. This includes no ringtone and notification sounds, and unresponsive user interface.

Wu says an attacker can exploit the denial-of-service (DoS) vulnerability remotely by getting the victim to install a malicious app or visit a specially crafted website. Exploiting the flaw through a malicious app that contains an embedded MKV file allows the attacker to make the smartphone unresponsive for an extended period of time by ensuring that the application is launched whenever the device boots.

A proof-of-concept (PoC) application developed by Trend Micro causes the mediaserver service to continuously restart once the exploit is triggered. The attack has also been demonstrated with a web-based PoC that causes the phone to crash when it’s accessed through the Chrome web browser.

“Whatever means is used to lure in users, the likely payload is the same. Ransomware is likely to use this vulnerability as a new ‘threat’ for users: in addition to encrypting on the device being encrypted, the device itself would be locked out and unable to be used. This would increase the problems the user faces and make them more likely to pay any ransom,” Wu explained.

The researcher believes that further analysis of the mediaserver service might reveal more serious vulnerabilities, including flaws that can be exploited for remote code execution.

Google has confirmed that the vulnerability exists, but the search giant has yet to release a patch. The company has classified the issue as a low priority flaw.

Earlier this week, researchers disclosed the existence of a series of critical Android vulnerabilities. The flaws exist in the Stagefright media playback library and they affect up to 950 million devices.

While in both cases the vulnerabilities can be exploited via malicious media files, the Stagefright vulnerabilities are far more serious because they allow remote code execution, and some of them can be exploited simply by sending a malicious MMS message to the victim.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.