Skip to main content

Playing Videos Could Allow Hackers Into Your Phone

By August 12, 2019May 16th, 2022Cybersecurity

Do you have an Android device?  Are you running Android Nougat, Oreo, or Pie (versions 7x, 8x, or 9x)?  Do you play games on your phone?

If you answered yes to those questions, you may have a problem. It is a bigger problem given that there are more than a billion devices currently in service running one of those operating systems.

A carefully crafted, innocent-looking video file could be embedded in a game app and could compromise your system, thanks to a critical vulnerability.

The RCE (Remote Code Execution) vulnerability is being tracked at CVE-2019-2107. It wworks by finding a way to trick the user into playing a poisoned video via Android’s native video player application.

Google moved quickly to address the issue and has already patched it, but there’s a catch. Millions of Android devices are still waiting for that last security update.  The bottleneck isn’t Google in this case. It’s the device manufacturers themselves that are dropping the ball.

As bad as the bug is, there is a potential silver lining.  The vulnerability only works if the video is viewed directly on the device.  If the video is received through an instant messaging app, or uploaded to a service like YouTube, the attack becomes utterly ineffective. That’s because messaging and video hosting services both compress and re-encode media files, which has a distorting effect on the embedded malicious code.

In terms of avoiding the issue, there are three things you can do:

  • Make sure your OS is up to date
  • Don’t download games or other apps from un-trusted third-party sources. Get them from the Google Play store or don’t get them at all.
  • Don’t download videos from un-trusted sources, including links to videos or apps you might get in your email.

While taking the advice above won’t completely eliminate your risk, it will dramatically reduce it.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.