Latest Android security exploit could leave more than half of current devices 'dead' & unusable
Yet another serious Android security issue was publicized this week, with the latest exploit rendering devices "lifeless," and said to affect more than half of units currently on the market.
The security flaw in Google's Android mobile operating system was discovered by Trend Micro, which reported the issue in May. But no fix has been issued, as Google acknowledged the report as a "low priority vulnerability" on May 20.
The flaw is said to affect devices running Android 4.3 Jelly Bean up to the latest version, Android 5.1.1 Lollipop.
By either installing a malicious app on an Android device, or directing users to a nefarious website, hackers can cause an Android device to become "apparently dead — Â silent, unable to make calls, with a lifeless screen," Trend Micro explained. If the exploit is installed through an app, it can auto-start whenever the device boots, causing Android to crash every time the device is powered on.
In some ways, this vulnerability is similar to the recently discovered Stagefright vulnerability," they explained. "Both vulnerabilities are triggered when Android handles media files, although the way these files reach the user differs."
The "Stagefright" Android security issue was publicized earlier this week, and has the ability to affect even more Android handsets — Â more than 950 million devices, according to one estimate. Stagefright is the name for a system service in Android that processes various media formats implemented in native C++ Code, and it can be exploited through a simple MMS message.
Unlike the issue discovered by Trend Micro, which has not yet been patched, Stagefright was fixed by Google in the latest versions of Android. But because many users are not running the latest version of the mobile operating system, the vulnerability is said to affect 95 percent of Android device owners, running version 2.2 Froyo all the way up to 5.1.1 Lollipop.
Most Android device owners simply cannot run the latest version of the operating system because of restrictions put in place by handset makers. In contrast, 85 percent of Apple mobile device users are running iOS 8 or later, its latest-generation operating system, while another 13 percent are on iOS 7.
Trend Micro cautioned this week that its new exploit and Stagefright could be just the beginning of other security issues to come.
"Further research into Android — Â especially the mediaserver service — Â may find other vulnerabilities that could have more serious consequences to users, including remote code execution," they wrote.