Skip to main content

Latest Android bug can disable audio if you download a malicious file

A new bug has been found that can turn off all audio on your Android device running version 4.3 of the operating system or higher, but requires you to download a malicious file.

The bug can be triggered by a malicious app, or a purposefully-malformed MKV file. The bug triggers a buffer overflow in the mediaserver service, and the result is a stop to all audio on your phone or tablet. In some cases, the amount of RAM being used may be enough to cause the phone or tablet to become unresponsive.

Trend-Micro, vendors of a popular Android Antivirus application, submitted the bug to Google last May. Google marked the vulnerability as "low-priority" in accordance with their security vulnerability guidelines. Any reported and accepted vulnerability that can be fixed by a simple reboot of the device is classified as such. You can read more about Google's Severity ratings and associated consequences here.

Our recommendation — don't download files from people you do not trust, and you'll avoid this sort of issue. But if you do get hit by this particular vulnerability, just reboot your phone or tablet and delete the malicious file.

More: Trend Micro (opens in new tab)

Jerry Hildenbrand
Jerry Hildenbrand

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

47 Comments
  • wait you can get got with a mkv file?!
  • Not a "good" MKV. Someone has to open the MKV container and mess with the header information. Then get you to download and try to play it.
  • Yeah. An easy fix would be to use MKVToolNix and just remux every MKV. That will correct the headers. Also, depending on the MKV, you may be able to just rename it to MP4, due to the similarities between the container standards. As an MP4, you would not have access to embedded subtitles and only be able to use the 1st audio stream and 1st video stream. Again, it doesn't always work.
  • Ehrmahgerd!! Android unsafe! My rams got hacked! Android needs antivirus! wtf, android's just for porn anyway.
  • Android is very safe and secure. This has already been updated. All android devices will get the upgrade through Google services, no reboot or anything. Posted via the "None-Ya" app
  • Last i heard it was fixed and put out to the carriers. Its up to the carriers to push it out. Good luck with that!
  • Citation needed.
  • It is safe and secure...as long as you don't sideload apps. I sideload apps from sites like XDA, and in android forums to get apps. I'm curious if this happened to my Nexus 6 as the volume lowers and raises on everything. It cut out once for 3 days after I got it and updated and uploaded apps. I did a factory reset and have had no problems except a slight static sound in media playback inside apps and games sometimes.
  • Antivirus on android is useless...just a waste of space Posted via the "None-Ya" app
  • Why do you say that??
  • Because it is.. There are no viruses
  • That is not true at all. Just ran into one yesterday. Obviously, I'm not downloading the most legit of files but the cracked market, which is popular on Android (Argurably a selling point on Android, it's easy to pirate), Ive ran into more than a few.
    What ticked me off was the permissions needed compared to the official app.
    But to the guy above, anti viruses on Android don't seem to be effective at all. The detection rates are terrible.
  • Again, there are no viruses for Android. What you saw while stealing apps was not a virus.
  • Lift tip son, pay for your content. If you're running into problems pirating you have no bloody idea what you're doing. Posted via the Android Central App
  • ROFL.....better read up on that some!
  • Breaking news, Android vulnerable to attack from malicious jeans pocket! This just in: if you put your Android phone in your pocket, and it's too tight, or you sit down at a funny angle, the jeans can gain access to your volume controls and silence your phone, preventing you from noticing a call or message that could save your life. The only fix is to manually press the volume 'up' button. Google has not responded to our request for comment, but we recommend you avoid wearing jeans in particular, or any pants in general until this massive security hole is patched.
  • Darnit! I've fallen victim to this bug many times over the years! I'm switching to BlackBerry, as I'm sure they would take this security issue a little more seriously! Posted via the Android Central App
  • Whew! I wasn't wearing pants anyways. Now I'll never put them on again!!! Google needs to get this fixed before winter!!! Posted via the Android Central App
  • Wait.... Is THAT the StageFright exploit that Phil announced two days ago, but didn't have all the data yet?!?
    Dude, that's the lamest exploit ever!!!!
    That's not even an exploit. It's just a common bug. Exploit is what can cause actual harm. Those people are really running out of FUD, uh?!? Posted via the Android Central App
  • No, this is not StageFright. http://www.zdnet.com/article/stagefright-just-how-scary-is-it-for-androi...
  • Yeah, real scary... https://plus.google.com/+NicholasConrad/posts/gW3ZefD3asw
  • With all this talk about Android malware and exploits, I have yet to see or read about anyone actually getting infected.
  • Ahh android's many vulnerabilities and security flaws.... I wouldn't have it any other way! Posted via the Android Central App
  • After 20+ years of internets.. People still have to be told don't download shit from people you don't know.
  • "Stay safe out there."
  • "Godspeed." Posted via the Android Central App
  • One of the local news channels in my area ran a scare piece about the last exploit. Atypical news nonsense. Scare the viewer into submission.
    http://www.wwltv.com/story/news/local/orleans/2015/07/28/android-phone-s...
  • You can also lose music playback from downloading Tidal. Jay Z failed big time. Worst music app I've ever used. Back to Spotify. Posted via the Android Central App
  • The problem is is nasty lollipop goes bad sugary to feed on every android device to rip lol Posted via the Android Central App
  • I soooooooooooo love the don't worry about it attitude that's being pushed regarding all these serious issues. Posted via the Android Central App
  • Please point out where I did any such thing. I was very dry and interjected zero commentary. Download a bad file, you might lose audio and have to reboot your phone. Here's how it works. This was reported by a company that wants to sell you something. Google classifies vulnerabilities that inject no code, affect no user data files, and can be reversed via a reboot as low priority. We recommend you don't download files you do not trust.
  • I wasn't directing anything at you. If I was directing something about you I would have mentioned you by name. Pardon me if I'm a little concerned about all these "bugs/exploits" that are being discovered. Posted via the Android Central App
  • 10-4
  • Use phone as intended and you'll be fine. No pirated apps, don't click weird things, delete emails from unrecognized sources, etc. You won't get a virus, but you may have your identity stolen. This applies to any platform.
  • This exploit was done by Neil Young. He created it as a way to sell the Pono. Soon he will make a statement saying that his Pono player is immune to this and everyone should get one soon. From my Galaxy Tab Pro 8.4 on TWC's sucky high speed cable internet
  • ...or just don't download the file? Posted via the Android Central App
  • Not that simply....you can get a text message and get hit by it alone. Some instances not even know.
  • Oh I see. You're confused. Carry on.
  • Lol Posted via the Android Central App
  • And how do you fix it? Posted via the Android Central App
  • But an iPhone? Posted via the Android Central App
  • Or read the article. Up to you Posted via the Android Central App
  • I had a malicious update that totally killed the mobile data on my Nexus 4. What was it called now...hmmm 5.1 something...
  • This actually happened to me and I consider myself very tech savvy. Oops, didn't realise audio files could corrupt my phone. I had no idea what was causing it, I should have researched it. I've since broken that phone though and moved on. Posted via 4.7" Moto X
  • My phone's been occasionally suffering from this symptom without any malicious file. Hasn't happened in a while, though. Hopefully whatever it was in my case was patched out.
  • The biggest problem or vulnerability in any software/hardware is always the person operating the devices. That said,there are thousands of people working to make them even safer. Security researchers do this work to keep customers and the public at large, safe from themselves. The vast majority of people have no idea how things work. They just expect their device's to work flawlessly. The guys here at AC report on issues that they learn about,either through tips,or other means and I appreciate any reporting they do in this area. However, this bug is insignificant in comparison to other,more severe exploits,and there are many out there that affect mostly older phones, which the vast majority of users are on. AC typically plays down any Android vulnerabilities,and that's really a shame,because not all members are in the US,or using the latest devices like they are. Here is one such vulnerability that they chose not to write about,and affects all mobile phones. http://www.theregister.co.uk/2015/07/27/forensiq_ad_report/
    This has to do with ads being served thru apps that can hijack your phone,and waste your data and batteries. They are invisible ads being served in the background,that the user is not even aware of. In the most extreme case, 2gb of data were used in ONE day! The hijacking is very difficult to detect,and over 5000 apps were found in just ten days. As you can guess,Android had the most,and all of them slipped past playstore defense's. So shame on Google and AC for not warning people,as there are likely many more apps still being downloaded on all platforms with this vulnerability. Posted via the Android Central App, HTC Evo 4g LTE ,on Sprint
  • Yet another android bug on roll. It can make android phones non-responsive. Here's more info on it: http://cybersicherheit.blogspot.de/2015/08/something-that-can-hang-up-an...