Playing Videos Could Allow Hackers Into Your Phone

August 12, 2019

Written by wukovits

Do you have an Android device?  Are you running Android Nougat, Oreo, or Pie (versions 7x, 8x, or 9x)?  Do you play games on your phone?

If you answered yes to those questions, you may have a problem. It is a bigger problem given that there are more than a billion devices currently in service running one of those operating systems.

A carefully crafted, innocent-looking video file could be embedded in a game app and could compromise your system, thanks to a critical vulnerability.

The RCE (Remote Code Execution) vulnerability is being tracked at CVE-2019-2107. It wworks by finding a way to trick the user into playing a poisoned video via Android’s native video player application.

Google moved quickly to address the issue and has already patched it, but there’s a catch. Millions of Android devices are still waiting for that last security update.  The bottleneck isn’t Google in this case. It’s the device manufacturers themselves that are dropping the ball.

As bad as the bug is, there is a potential silver lining.  The vulnerability only works if the video is viewed directly on the device.  If the video is received through an instant messaging app, or uploaded to a service like YouTube, the attack becomes utterly ineffective. That’s because messaging and video hosting services both compress and re-encode media files, which has a distorting effect on the embedded malicious code.

In terms of avoiding the issue, there are three things you can do:

  • Make sure your OS is up to date
  • Don’t download games or other apps from un-trusted third-party sources. Get them from the Google Play store or don’t get them at all.
  • Don’t download videos from un-trusted sources, including links to videos or apps you might get in your email.

While taking the advice above won’t completely eliminate your risk, it will dramatically reduce it.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Send us a message

Your message was sent.