Security Alert: New Android Flaw Can Brick Your Smartphone


There’s yet another Android flaw to contend with following the Stagefright Bug. This one can totally brick an Android phone, and as yet, there’s no fix.


Trend Micro is reporting a flaw in the mediaserver service in all versions of Android from 4.3 up to 5.1 that can be abused through either a specially crafted app or a specially crafted website. The website route should only cause a single reboot of a device, but a malicious app could in theory cause an endless, non-responsive reboot loop with a dead screen, or in other words, a completely bricked Android smartphone.

This isn’t quite as critical as the Stagefright bug, given that it’s an exploit that does require some user intervention, either by visiting a web site or downloading an app. Here’s the exploit in action if you get all excited by bricked phones, bearing in mind that this is just a proof of concept at the moment.

Trend Micro Discovers Vulnerability That Renders Android Devices Silent [Trend Micro]


    • Hypothetical:
      So I build an app, charge 0.99c for it, everyone wants that app, but shy away from the cost… Some malicious jerk copies my app, adds some malicious code to it and releases it for free on XDA or something … it gets covered on blogs everywhere as a free alternative to the awesome app I created, and people are installing it left, right and centre … BOOM, your phone just got compromised…

  • Saying “a completely bricked Android smartphone” is an exaggeration. That would imply even the bootloader is not accessible, which is not the case here.

    So simply boot into recovery and either restore from a backup or re-flash the OS. As long as the /data partition isn’t affected (and this exploit doesn’t seem to) it should be entirely possible to restore the device.

    • Not on stock firmware. Then your only choice is to restore to factory defaults without keeping any data.
