Android Wallpaper Malware Explained + Solved!

Ice Universe shared a really interesting problem earlier today – a wallpaper that would set certain Android smartphones into a boot loop. Literally wallpaper malware!

Find out what this wallpaper malware is all about, and how to prevent it from bricking your Android smartphone!

Android Wallpaper Malware Explained + Solved!

 

Android Wallpaper Malware Explained + Solved Video

For a quick run-down, we prepared this video that explains what the wallpaper does, and how to solve the problem.

 

Android Wallpaper Malware : What Is It?

The wallpaper was first shared by Ice Universe whose friend was affected by it. As you can see, there is really nothing remarkable about it.

Android Wallpaper Malware sample

If you set it as a wallpaper on a vulnerable Android smartphone, it will force the device to go into a boot loop.

Once that happens, there is nothing more you can do, except to factory reset your smartphonedestroying all of its data.

 

Android Wallpaper Malware : The Cause

Ice Universe paved the way to discovering the cause when he noted that the wallpaper’s colour seemed to changed when he uploaded it to Weibo.

So we looked into the metadata of the wallpaper, and discovered that it has a specific ICC colour profile for Google Skia – E3CADAB7BD3DE5E3436874D2A9DEE126

Android wallpaper malware Google Skia colour space

That ICC colour profile appears to trip the Google Skia graphics engine for certain Android devices, causing them to reboot.

Technically, com.android.systemui.glwallpaper.ImageProcessHelper crashes from an ArrayIndexOutOfBoundsException while trying to load the wallpaper with the embedded colour profile.

And because the wallpaper loads when Android UI loads, it triggers another reboot. Your smartphone is now stuck in a boot loop – it will keep rebooting on loading the wallpaper.

 

Android Wallpaper Malware : The Solution

The solution is surprisingly simple – remove the ICC colour profile. You can do that by using a photo editor (like Photoshop) and simply saving the wallpaper without embedding the colour profile.

Alternatively, you can use an EXIF remover app or software to strip the wallpaper’s metadata. That should strip its colour profile as well. Just make sure you check before you load it into your phone!

The only problem is that stripping the colour profile makes the wallpaper look less vivid.

Android Wallpaper Malware Ori vs Profile Removed

But the best thing to do is really just avoid the wallpaper altogether. Don’t even download it.

Google really needs to look into how such a bad colour profile in a picture can trip Google Skia and force the phone into a boot loop.

We should consider this a shot across the bow. Not only should we question whether we really “need” that nice wallpaper, we should be more proactive and :

  • offload our data from our smartphones on a regular basis
  • keep constant backups of our smartphone data
  • consider recording our photos and videos to a microSD card

This way, even if another wallpaper or picture malware comes along and bricks your phone, you won’t lose all of your data.

 

Recommended Reading

Go Back To > Mobile Devices | CybersecurityHome

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Comments

comments

About The Author

Leave a Reply

%d bloggers like this: