• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

 | 

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Hacking
  • Mobile
  • CVE-2016-3862 flaw – Silently hack millions Androids devices with a photo

CVE-2016-3862 flaw – Silently hack millions Androids devices with a photo

Pierluigi Paganini September 07, 2016

The CVE-2016-3862 flaw is a remote code execution vulnerability that affects the way images used by certain Android apps parsed the Exif data.

Are you an Android user? I have a bad news for you, an apparently harmless image on social media or messaging app could compromise your mobile device.
The last security updates issued by Google have fixed the Quadrooter vulnerabilities, that were threatening more than 900 Million devices, and a critical zero-day that could let attackers deliver their hack hidden inside an image.

The flaw, coded as CVE-2016-3862, is a remote code execution vulnerability in the Mediaserver. It affects the way images used by certain Android applications parsed the Exif data included in the images.

“Exchangeable image file format (officially Exif, according to JEIDA/JEITA/CIPA specifications) is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras (includingsmartphones), scanners and other systems handling image and sound files recorded by digital cameras. ” reads Wikipedia.

The flaw was first discovered by the security researcher Tim Strazzere from the SentinelOne firm, who explained that it could be exploited by hackers to take complete control of the device without the victim knowing or crash it.

“Strazzere told me that as long as an attacker can get a user to open the image file within an affected app – such as Gchat and Gmail – they could either cause a crash or get “remote code execution”; ergo they could effectively place malware on the device and take control of it without the user knowing.” explained Forbes.

The victim doesn’t need to click on the malicious image, neither on a link, because as soon as it’s data was parsed by the device it would trigger the CVE-2016-3862 vulnerability.

“The problem was made even more severe as a malicious hacker wouldn’t even need the victim to do anything. “Since the bug is triggered without much user interaction – an application only needs to load an image a specific way – triggering the bug is as simple as receiving a message or email from someone. Once that application attempts to parse the image (which was done automatically), the crash is triggered,” Strazzere explained. 

What does it mean?

Just one photo containing a generic exploit can silently hack millions of Android devices, is a way similar to the Stagefright exploits that allowed the attackers to hack a smartphone with just a simple text message.

“Theoretically, someone could create a generic exploit inside an image to exploits lots of devices. However, due to my skill level, I had to specifically craft each one for the devices. Though once this is done, Gchat, Gmail, most other messengers or social media apps would likely allow this to trigger.”

Strazzere developed the exploits for the affected devices and tested them on Gchat, Gmail and many other messenger and social media apps.

Strazzere did not reveal the names of the other apps that are also affected by the CVE-2016-3862 vulnerability, it also added that the list of vulnerable software includes “privacy-sensitive” tools. Any mobile app implementing the Android Java object ExifInterface code is likely vulnerable to the vulnerability.

CVE-2016-3862 android flaw

The vulnerability is similar to last year’s Stagefright bug (exploit code) that allowed hackers to hijack Android devices with just a simple text message without the owners being aware of it.

Google Android version from 4.4.4 to 6.0.1 are affected by the CVE-2016-3862 vulnerability, of course, the devices that installed the last update.

Google has already delivered a patch to fix the vulnerability, as usual, this doesn’t mean that your mobile has already applied it because the patch management depends on handset manufacturers and carriers.

So, if you are not running an updated version of the Android OS, you probably are vulnerable to the image-based attack.

Google rewarded  Strazzere $4,000 as part of its Android bug bounty and added another $4,000, as the researcher had pledged to give all $8,000 to Girls Garage, a program of the nonprofit Project H Design for girls aged 9-13.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – CVE-2016-3862 vulnerability, Android)


facebook linkedin twitter

Android CVE-2016-3862 vulnerability Exif data Google mobile Quadrooter vulnerabilities

you might also like

Pierluigi Paganini July 26, 2025
Law enforcement operations seized BlackSuit ransomware gang’s darknet sites
Read more
Pierluigi Paganini July 26, 2025
Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

    Cyber Crime / July 26, 2025

    Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

    Intelligence / July 26, 2025

    Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

    Intelligence / July 25, 2025

    Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

    Security / July 25, 2025

    Koske, a new AI-Generated Linux malware appears in the threat landscape

    Malware / July 25, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT