Your Android Phone Can Get Hacked Just By Playing This Video

Boy the malware creators are gettin good… but this why you don’t just open videos and crap people send you.. EVEN people you know cuz they don’t know shit about tech

Are you using an Android device?
Beware! You should be more careful while playing a video on your smartphone—downloaded anywhere from the Internet or received through email.
That’s because, a specially crafted innocuous-looking video file can compromise your Android smartphone—thanks to a critical remote code execution vulnerability that affects over 1 billion devices running Android OS between version 7.0 and 9.0 (Nougat, Oreo, or Pie).The critical RCE vulnerability (CVE-2019-2107) in question resides in the Android media framework, which if exploited, could allow a remote attacker to execute arbitrary code on a targeted device.

To gain full control of the device, all an attacker needs to do is tricking the user into playing a specially crafted video file with Android’s native video player application.

Though Google already released a patch earlier this month to address this vulnerability, apparently millions of Android devices are still waiting for the latest Android security update that needs to be delivered by their respective device manufacturers.

“The most severe vulnerability in this section [media framework] could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google described the vulnerability in its July Android Security Bulletin.

android media framework exploit

What makes the issue more worrisome is that Germany-based Android developer Marcin Kozlowski has uploaded a proof-of-concept for this attack on Github.

Although the PoC shared by Kozlowski, an HEVC encoded video, only crashes the media player, it can help potential attackers develop their exploits to achieve RCE on targeted devices.

However, it should be noted that if such malicious videos are received through an instant messaging app like WhatsApp or Facebook Messenger or uploaded on a service like YouTube or Twitter, the attack won’t work.

That’s because these services usually compress videos and re-encode media files which distorts the embedded-malicious code.

The best way to protect yourself from this attack is to make sure you update your mobile operating system as soon as the latest patch becomes available.

Meanwhile, you are recommended to avoid downloading and playing random videos from untrusted sources and follow basic security and privacy practices.

via Your Android Phone Can Get Hacked Just By Playing This Video

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.