Researchers have developed an attack that puts more than 50 percent of Android phones into the digital equivalent of a persistent vegetative state in which they're almost completely unresponsive and are unable to perform most functions, including making or receiving calls.
The vulnerability, which resides in the mediaserver service Android uses to index media files, can most easily be exploited by luring a vulnerable phone to a booby-trapped website. Presumably, the phone can be revived by restarting it, but according to a blog post published Wednesday by a researcher from security firm Trend Micro, the bug can also be exploited by malicious apps. In this latter scenario, the malicious app could be designed to automatically start each time the phone is turned on, causing it to crash shortly after each restart.
Trend Micro researcher Wish Wu wrote: