A vulnerability in the Android operating system allows attackers to disable a smartphone or tablet, Cnews reports with reference to the analytical Trend Micro. After the attack on the gadget is its screen becomes unresponsive to clicks, the user will not be able to take or make a call and will not hear notification sounds.
A problem with the mediaserver component of the operating system designed for indexing media files stored in the memory of the “Google phone”. When indexing the file format MKV) with a specific embedded into the code overflows the integer type. The result is a buffer overflow and write data to a null memory location.
Matroska is an open project to develop a cross-platform container that contains video, audio, subtitles and other data (for example, the Chapter titles in the film, etc). Matroska is a development project MCF, but differs significantly from it so that based on the language EBML (Extensible Binary Meta Language) is the binary analog of the XML. EBML enables developers years to develop the format while maintaining compatibility with players of previous generations.
Experts have created a malicious file placed in a modified file format MKV and ran it on an Android device. Then, the mediaserver went into an endless reboot — detecting the file, it rebooted. And booting again, re-scanned the memory and once again tried to analyze the file. A cycled reboot mediaserver slowed the whole Android system so that the device has stopped responding. At the same time it is powered on.
According to experts, it is not necessary that the MKV file on to the device of the victim as part of a malicious application. It can be embedded in the HTML code of the web page. When the user gets to this page via mobile browser, the same things will happen. Experts from Trend Micro found, for example, the Google Chrome browser.
According to analysts at Trend Micro, a new bug can be used by developers virus-ransomware (programs, forcing the user to pay to regain access to the data). Attackers can block the operation of the device and to charge the user of payment, said the experts. According to them, when the owner of the smartphone will understand that you don’t use the device in any way, he is more willing to give money.
Recently experts of the company Zimperium Mobile Security reported finding in another Android vulnerability that allows you to hack the device just by sending them a malicious MMS messages. In this case the user don’t even need to open. Experts estimate that the vulnerability contains approximately 950 million devices on the platform from Google, that is, about 95% of the total.
