Los Angeles: It seems like the Android users are having tough times! Just a few days ago, critical Stagefright vulnerability was revealed in Android and now a new vulnerability is threatening the users to make the devices unresponsive and unable to perform even the basic functions like making or receiving calls. Yes, the security researchers of Trend Micro (a global security company) have developed a technique which could make more than 55% of Android phones crash while making it almost useless.
It’s been said that the dangerous flaw could affect any device running Android 4.3 Jellybean and later including the latest version Android 5.1.1 Lollipop. This almost puts about millions of Android phones vulnerable to attacks. This vulnerability came out when just two days after the Zimperium researchers warned that almost 950 million Android phones could be hacked by just sending a message. This flaw is even more dangerous as it doesn’t even require the end user interaction.
How can a hacker exploit the Flaw?
A hacker can exploit this vulnerability in two different ways; firstly through a malicious Android app and the next is through a specially crafted website. However the easiest way to exploit the flaw is to attract the vulnerable Android devices to a booby-trapped website. In this case, probably the phone gets restored when it is restarted. But in case of malicious app, it can make a long-term impact on your phones according to a blog post published in Trend Micro.
The malicious app will be designed in such a way that whenever the phone is turned on, the app starts working automatically making the operating system to crash every time when it is restarted. This makes the device mute, unresponsive and useless; you will not be hearing any ringtone, message tone or any notification sounds.
What is the root cause of the vulnerability?
According to the research made by Trend Micro, the vulnerability resides in the ‘mediaserver’ service which is used by Android operating system to index media files located on the device. The research also says that ‘mediaserver’ service is not able to correctly process a malformed video file using the Matroska container; i.e. the service may get crashed when the process opens a malformed MKV file.
It’s also been observed that the research company has developed a proof-of-concept for the malicious app that exploits the vulnerability. Though the researchers reported about the vulnerability to Google’s security team in late May, the team has failed to patch the issue as it is classified as a low-level vulnerability.
Are you planning to outsource Android development in Los Angeles? Fortune Innovations is one of the best mobile development firms you can rely upon. Our deft developers strive to make the best use of the latest app development trends. We understand your requirements completely and offer you the best possible solution.