Trend Micro revealed that Android users are threatened by another vulnerability coded as CVE-2015-3823 which traps mobile phones in endless reboots.
Still problems for Android users! A few days ago security experts at Trend Micro discovered a serious flaw in Android OS that can be exploited to crash mobile devices, just before it was announced the Stagefright vulnerability who was threatening nearly 950 Million Android devices that can be easily hacked.
The new security vulnerability, coded CVE-2015-3823, affecting the Android operating system can “brick” the mobile phones by making them unresponsive.
“We have discovered a new vulnerability that allows attackers to perform denial of service (DoS) attacks on Android’s mediaserver program. This causes a device’s system to reboot and drain all its battery life. In more a severe case, where a related malicious app is set to auto-start, the device can be trapped in an endless reboot and rendered unusable.
The vulnerability, CVE-2015-3823, affects Android versions 4.0.1 Jelly Bean to 5.1.1 Lollipop. Around 89% of the Android users (roughly 9 in 10 Android devices active as of June 2015) are affected. However, we have yet to discover active attacks in the wild that exploit this vulnerability.” states a blog post published by Trend Micro, the company that discovered the bug.
Hackers can trigger the flaw causing an Android device to endless Reboot, also in this case the bug resides in the ‘mediaserver’ built-in program like the Stagefright flaw.
Nearly 90 percent of Android devices running versions 4.0.1 Jelly Bean to 5.1.1 Lollipop are affected by the vulnerability. The attackers can trigger endless reboots in two ways, by using a malicious Android App or redirecting users a specially-crafted website.
The flaw is caused by an integer overflow in parsing .MKV files, if the mobile device plays a media file .MKV file in the flawed ‘mediaserver’ plugin the mobile device to fall into an endless loop when reading video frames.
“The vulnerability is caused by an integer overflow in parsing MKV files,” continues the post. “causes the device to fall into an endless loop when reading video frames.”
Trend Micro reported the flaw to Google that seems not consider the flaw critic by classifying it as a low-level vulnerability.
Victims have to reboot the mobile device in Safe Mode by holding the power button down and pressing the Power Off option until you see the pop-up box asking you to restart in Safe Mode.
Safe Mode will disable all third-party apps and information, then the victim can use the device until a patch is released.
The post published by Trend Micro also includes two PoC scenarios that clarify how to exploit the Android vulnerability.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.