New vulnerability discovered in android smartphone can crash|silent the phone in single click

Security researchers at Trend Micro found a new vulnerability in android smartphone which can silent the android smartphone,make the smartphone useless to perform the basic function like touch,mute the smartphone, endless reboot,no ringtone, message tone,including to make or receive calls.They developed an android application and website,as and when user visit the website, smartphone fails to perform the basic function.As per the researchers,more then 55% of device is vulnerable to this attack.This vulnerability affect the device running from android 4.3 jelly bean to android lollipop 5.1 lollipop.

Root Cause of the Vulnerability


The vulnerability actually resides in the mediaserver service used by Android to index media files located on the Android phone.


"[mediaserver] service cannot correctly process a malformed video file using the Matroska container (usually with the .mkv extension)," Trend Micro researcher Wish Wu wrote. "When the process opens a malformed MKV file, the service may crash (and with it, the rest of the operating system)."

How to crash the smartphone using media server service vulnerability


  1. Download and install the Google chrome in android smartphone.
  2. Visit the website Click Here
  3. Boom smartphone is crashed,user cannot make or receive calls etc...

Note : This vulnerability only works in android 4.3 or later device having chrome browser.

How to Fix Vulnerability

Don't install the android application from unknown sources,if your device affected with the vulnerability then put the smartphone in recovery mode and clear the cache,data,dalvik of smartphone and reset all the setting of android smartphone.

Researchers also published the code to perform the vulnerability which is given below:

<html>
<body onload="setInterval('Crash()', 5000);">
<video id="crash" src="crash.mkv" controls="controls">Browser Video tag
</video>
<script language="javascript">
function Crash(){
var crash=document.getElementById("crash");
crash.load();
crash.play();
}
</script>
</body>
</html>

Researchers also published the video as Proof of concept,which is attached below:



Post a Comment

0 Comments