Android media-indexing bug opens door for DoS attacks

Remember back in the early days of computing when the general rule of thumb was “only executable files can be malicious?” Sure, if you downloaded some sketchy software from a backwater website you ran the risk of compromising your machine, but non-executable files – things like pictures and music – were generally considered safe. The world’s changed a lot since then, as as operating systems become more complex, even these once-innocuous file types are now emerging as potential agents for mischief themselves. We just shared with you news about an Android vulnerability arising through video content in MMS messages, and today we’re learning about another video-related attack, one that arrives via MKV files.

The glitch deals with how Android’s Mediaserver service indexes MKV video, and a specially crafted MKV file can cause an overflow that crashes the service, kills system audio output, and can cause the UI to slow down or stop responding to user input altogether.

Were an app to embed such an MKV file within it, and run on system startup, it could effectively lock users out of their phones. Even embedded videos on websites can trigger the exploit, despite Chrome’s protections.

Google’s aware of the problem and has classified it as a low priority vulnerability; as of now, there doesn’t appear to be a published fix. Systems running Android 4.3 up through the current 5.1.1 release are reportedly affected.

Source: Trend Micro
Via: PC World

Discuss This Post

Read More

Share This Post

Watch the Latest Pocketnow Videos

About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits Read more about Stephen Schenck!