Subscribe

How hackers can take control of your Android with one text message (+video)

A flaw in the Android operating system could give hackers easy access to 95% of Android devices, according to cyber security firm Zimperium. 

  • close
    A hostess displays the Samsung Galaxy S6 Edge smartphone during the Mobile World Congress in Barcelona March 2, 2015.
    Gustau Nacarino/Reuters
    View Caption
  • About video ads
    View Caption
of

Security researchers have exposed what experts are calling the worst Android flaw discovered to date. 

According to research conducted by Joshua Drake of the cyber security firm Zimperium, a vulnerability in an Android component used to display media, called "Stagefright," allows hackers to take control of your smartphone by sending one text message with a malicious media file attached. 

Because Stagefright automatically pre-loads videos attached to MMS messages, there is no way to prevent these attacks. 

“These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited,” Zimperium wrote in a blog post, adding that “this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.”   

Android is the the world’s most popular smartphone operating system and 95 percent of Android devices – about 950 million smartphones and tablets – are at risk, according to Zimperium.

"On some devices, the privileges at which this runs means an attacker could access all kinds of content on your device or access resources such as the camera," said James Lyne, global head of security research at security company Sophos, to the BBC.

It does not appear that any hackers have taken advantage of the flaw yet, but Zimperium and Google aren’t taking any chances. Zimperium has reported the problem to Google and provided the tech company with patches to prevent breaches.

"Google acted promptly and applied the patches to internal code branches within 48 hours, but unfortunately that's only the beginning of what will be a very lengthy process of update deployment," Zimperium said.

Unlike Apple, which controls the hardware and software on its iPhones, Google provides its latest version of Android to manufacturers who are then able to tweak it to their liking. This makes updating devices using the operating system a much greater challenge, and doesn’t guarantee that the patch will actually reach all Android users.

Often, manufacturers choose not to fix phones already sold because the company can save money by not providing updates, according to Collin Mulliner, a senior research scientist at Northeastern University. 

In other words, if your phone is hacked because updated software is not made available, “Google is not the actual one to blame," Mr. Mulliner told NPR. "It's ultimately the manufacturer of your phone, in combination possibly with your carrier.” 

Some manufacturers have taken months to issue critical patches in the past, according to Vice’s Motherboard blog. And “at times, for devices older than a year or 18 months, patches never come.” 

To find out what kind of risks your Android faces, Zimperium suggests that consumers “contact your device manufacturer and/or carrier to ascertain whether or not your particular device has been updated [with] the requisite patches.” 

About these ads
Sponsored Content by LockerDome
 
 
Make a Difference
Inspired? Here are some ways to make a difference on this issue.
FREE Newsletters
Get the Monitor stories you care about delivered to your inbox.
 

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK