Android DoS Vulnerability Affects 95% of Android Devices – Patch Released
According to a security research firm, a denial-of-service (DoS) vulnerability is present in Android 4.0.1 ICS through Android 5.1.1 affecting roughly 95% of the Android devices.
Android DoS vulnerability discovered and patched
Security researchers at Trend Micro have reported finding a second DoS vulnerability in Android's mediaserver component. The group had discovered another vulnerability related to the mediaserver component which Google classified as "low severity" and hasn't fixed yet. The latest Android vulnerability (CVE-2015-3823) is triggered when mediaserver processes a malformed MKV video file causing an integer overflow. This overflow then sends the affected device to an endless loop when trying to read video frames. According to the security group, an attacker can exploit this Android vulnerability by using one of the following two methods:
- By making users install an app and then having mediaserver process a specially crafted MKV file via this app. This causes system to slow down until it has no battery left, continuing to loop until system resources or battery are exhausted.
- In the second scenario, attacker could trick users into visiting a website containing malicious MKV file embedded into the HTML page which triggers the same action as above when the video file is played.
In this attack, service continues to loop even if the malicious app is terminated until system resources aren't depleted. Attackers could also program the app to start at boot causing endless reboot loop for the affected device.
This endless reboot may render Android devices unusable unless the devices are opened in safe mode and the app is removed. Getting rid of the app is quite problematic. It may be difficult to locate the app once downloaded. Attackers may opt to keep it hidden and silent for a long time and only trigger the attack days or months later. Users may believe it is not installed and attribute the reboots to problems in the Android system. - Wish Wu, mobile threat response engineer at Trend Micro
Affecting around 95% of the Android devices, Google has patched this latest Android vulnerability. However, due to fragmented ecosystem and dependency on carriers and OEMs, it will take a while to patch all the affected devices. Good news is that the security firm says it hasn't spotted any attacks exploiting this vulnerability. However, with the exploit now being made public, users are at a greater risk of being affected by it. These Android vulnerabilities are easily exploited as only a specially crafted MMS message containing media file could affect the targeted device.