After Stagefright hack, new security flaw discovered that could render Android devices “totally silent and non-responsive”
A security flaw that could make half the world’s Android phones “totally silent and non-responsive” has been uncovered, just days after the Stagefright hack was revealed.
The new flaw affects devices running versions of the operating system from 4.3 to the present one, which is around 57 per cent of devices worldwide, according to to security firm Trend Micro, which discovered the flaw.
Android’s way of processing video seems to be the culprit causing the vulnerability, as the mediaserver can’t handle malformed video files, causing the whole operating system to crash.
Once this happens, a victim’s device becomes lifeless, unable to accept calls, or display notifications. If the phone is locked, it cannot be unlocked.
The attack can be exploited in two ways. Hackers can either set up a website with a malicious video file embedded, or create a malicious app, that causes the device to crash after turning on.
This new flaw has been discovered just days after a flaw in the Stagefright media library was revealed to expose 95 per cent of Android devices to silent, remote hacks.
Trend Micro suspect there may be other, as yet undiscovered bugs in the Android mediaserver.