Do you have an Android device?

Are you running Android Nougat, Oreo, or Pie (versions 7.x, 8.x, or 9.x)? Do you play games on your phone?

If you answered yes to those questions, you may have a problem. It is a bigger problem given that there are more than a billion devices currently in service running one of those operating systems.

A carefully crafted, innocent-looking video file could be embedded in a game app and could compromise your system, thanks to a critical vulnerability.

Millions of users still waiting for the patch

The RCE (Remote Code Execution) vulnerability is being tracked as CVE-2019-2107. An attacker exploits it by tricking the user into playing a poisoned video via Android's native video player application.

Google moved quickly to address the issue and has already patched it, but there's a catch. Millions of Android devices are still waiting for that last security update. The bottleneck isn't Google in this case. It's the device manufacturers themselves that are dropping the ball.

As bad as the bug is, there is a potential silver lining. The vulnerability only works if the video is viewed directly on the device. If the video is received through an instant messaging app or uploaded to a service like YouTube, the attack becomes utterly ineffective. That's because messaging and video hosting services both compress and re-encode media files, which has a distorting effect on the embedded malicious code.

The three things you can do to avoid the issue

  • Make sure your OS is up to date
  • Don't download games or other apps from untrusted third-party sources. Get them from the Google Play store or don't get them at all.
  • Don't download videos from untrusted sources, including links to videos or apps you might get in your email.

Our perspective

While taking the advice above won't completely eliminate your risk, it will dramatically reduce it.

As Sgt. Phil Esterhaus always advised: "Hey, let's be careful out there!"

The author

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofit firms in Ventura County and San Fernando Valley. I have created cost-effective IT solutions for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.