Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Android Phone Can Get Hacked Just By Playing a Video

 

Systems Affected


Android OS version 7.0 and 9.0 (Nougat, Oreo, or Pie)

Threat Level


High


Overview


An Attacker could perform remote code execution using the vulnerability (CVE-2019-2107).


Description


According to the advisory a specially crafted innocuous-looking video file can compromise android smartphone. The vulnerability resides in the android media framework and it could allow a remote attacker to execute arbitrary code on a targeted device.
To gain the access, attacker needs to trick the user into playing a specially crafted video file with Android's native video player application.
However, it should be noted that if the video received though instant messaging applications like WhatsApp or Facebook Messanger or uploaded on a service like YouTube or Twitter, the attack will not work. But the most worrying part is that Germany-based Android developer Marchin Kozlowski has uploaded a proof-of-concept for this type of attack on Github.


Impact


✦  Execute arbitrary code
✦  Data modifications
✦  Private information disclosure


Solution/ Workarounds


  ✦  To protect from this attack is to update the mobile operating system as soon as the latest patch become available. At the same time avoid downloading and playing random videos from untrusted sources.


References


✦  https://nvd.nist.gov/vuln/detail/CVE-2019-2107
✦  https://thehackernews.com/2019/07/android-media-framework-hack.html


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.