If you’ve been following the news this week then you might have heard about Stagefright, a flaw discovered in Android which can allow hackers to access a target’s device by simply sending a MMS message. It appears that this is not the only video-related vulnerability present in the leading mobile platform, there’s another which uses a malformed Matroska (MKV) video in websites or apps to basically put the Android device into a vegetative state.
The flaw has been discovered by Trend Micro and it can use the MKV video to crash Android’s “mediaserver” service, once that’s done the device is better suited to perform duties as a paperweight.
It will silence all calls and notifications aside from freezing up the phone’s user interface. If the phone is locked during the incident users won’t even be able to get past the lockscreen.
Hackers can exploit this vegetative state to quite literally hold the handset for ransom, not opening it up unless the device owner pays.
Trend Micro says that it informed Google about this flaw back in May and that it was marked by the company as “low priority.” A spokesperson for Google tells Engadget that there’s “no evidence of actual exploitation” and that it will issue a patch with a “future version of Android.”
Filed in . Read more about Android.