A new vulnerability affects Android

Researchers have developed an attack that puts more than 50% of Android smartphones into the digital equivalent of a persistent vegetative state, in which they are almost completely unresponsive and unable to perform most functions, including making or receiving calls. In other words, you end up with a phone that can no longer make calls! Quite the irony.



As Android Police points out, the vulnerability, which resides in the mediaserver service that Android uses to index media files, can easily be exploited from a website. The smartphone can probably be revived by a restart, but according to an article published by a researcher at security firm Trend Micro, the bug can also be exploited by malicious applications. In that scenario, the malicious application could be designed to start automatically each time the smartphone is switched on, causing a crash shortly after each reboot.

Specifically, the vulnerability is exploited using a malformed video file in the Matroska container (usually a .mkv file). When mediaserver tries to process the file, the service freezes and takes the rest of the system down with it. The researchers tested the bug by embedding the malformed .mkv file in an application and in a web page.

And the bug is not confined to a small part of the population. The vulnerability affects Android versions 4.3 through the current 5.1.1, which covers about half of the Android user base. In addition, this bug comes two days after other researchers warned that some 950 million Android smartphones can be hijacked by sending a simple MMS. That bug, known as Stagefright, is more serious than this one, because it allows hackers to retrieve audio, video, and other personal data stored on smartphones. In some cases it also allows execution of malicious code. Moreover, in many cases, Stagefright attacks require no user interaction.


Trend Micro privately reported the mediaserver vulnerability to Google in late May. Google engineers acknowledged the bug but assigned it a low priority, Trend Micro says.