Before you start reading this article, we would advise you to install the latest Android security updates by going into your device settings. Otherwise, your device might be susceptible to malware-fitted videos that, once interacted with, can hijack your device.
Hackers are exploiting an Android vulnerability CVE-2019-2107 that “would enable a remote attacker using a specially crafted file to execute arbitrary code” according to the Android Security Bulletin July 2019. The Android device can be hijacked as soon as the user opens the malware-ridden video.
This vulnerability is part of major security issues in Android’s media framework. While the July patch fixes this vulnerability, users who have not been updated to the latest Android security update are still prone to the malware. It is important to note that Android users running Android between 7.0 and 9.0 – Nougat, Oreo, and Pie – are susceptible to the attack.
Android developer Marcin Kozlowski, who uploaded proof-of-concept on Github, writes, “You can own the mobile by viewing a video with payload.” According to him, the offender can send these files via many sources such as Gmail; however, the medium should only open up the Android stock video player.
Kozlowski believes that the malicious payload can be disarmed if the video is re-encoded and played in a different video player. Most messaging apps like Facebook, WhatsApp and Instagram re-encode videos that make the payload ineffective.
While there is no way to tell how many Android devices have been affected, you can get rid of the risk by simply updating your Android to the latest version.