Another Android Vulnerability Found

Trend Micro Discovers Vulnerability That Renders Android Devices Silent

We have discovered a vulnerability in Android that can render a phone apparently dead – silent, unable to make calls, with a lifeless screen. This vulnerability is present from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop). Combined, these versions account for more than half of Android devices in use today. No patch has been issued in the Android Open Source Project (AOSP) code by the Android Engineering Team to fix this vulnerability since we reported it in late May.

This vulnerability can be exploited in two ways: either via a malicious app installed on the device, or through a specially-crafted web site. The first technique can cause long-term effects to the device: an app with an embedded MKV file that registers itself to auto-start whenever the device boots would cause the OS to crash every time it is turned on.

In some ways, this vulnerability is similar to the recently discovered Stagefright vulnerability. Both vulnerabilities are triggered when Android handles media files, although the way these files reach the user differs.

The kicker: Google calls it “a low priority vulnerability.”

There’s going to come a day of reckoning here. Some day, some way, several million people will be hit with an exploit — probably through a fake news site or infected video about a major news story that spreads like wildfire through Twitter — that will create a class-action lawsuit that Google will have to deal with for years.

And the bad press from that will cause a huge decline in Android device sales.

Previously here:

Critical Android Security Flaw


2 responses to “Another Android Vulnerability Found”

  1. logseman

    Every software piece has vulnerabilities. The real issue is malware, and malware is the consequence of having a popular operating system. Being universally considered a malware vector has never diminished Windows’ sales: the few points of market share Mac OS X gained were due to it carving a niche for certain professions. People do not give a damn about “software vulnerabilities” and rightly so.

  2. Rotaglide

    Where’s the problem? It doesn’t brick your phone for all time. Start Android in the built-in “Safe Mode” and uninstall the app, or restart your device and don’t visit the website again.

    DON’T PANIC!
