Android has more than one video-related security hole on its hands at the moment. Trend Micro has found a flaw that uses a malformed Matroska (MKV) video in apps or websites to crash Android’s “mediaserver” service, effectively turning the target device into a paperweight. It’ll not only render your phone’s interface mostly or completely unresponsive, but silence all calls and notifications. You might not even get past the lock screen, if your phone is locked during the incident. An intruder could take advantage of this seemingly brain-dead state to hold your handset for ransom, threatening to shut you out unless you pay up.
Trend Micro says it told Google about the exploit in mid-May, but that it was marked “low priority.” A spokesperson tells Engadget that a “future version of Android” will patch things up and that there’s “no evidence of actual exploitation.” We have a hunch that Google may want to move more quickly than the priority level suggests, though. The recent Stagefright flaw has drawn a lot of attention to video-related attacks, and the Matroska glitch exposes every device running Android 4.3 or newer — that’s about half of the hardware using the platform. Even though it’s possible to uninstall offending apps and avoid malicious websites, that’s not much comfort if your phone becomes at least a momentary paperweight.
Filed under: Cellphones, Internet, Mobile, Google
Comments
Via: Ars Technica
Source: Trend Micro