New Android vulnerability lets hackers take over your phone with an SMS


All Android users are being warned about a new security flaw that enables hackers to take over your device via a text message.

The Android vulnerability, which was discovered by researchers from online security company Zimperium, works when hackers send an MMS video which contains a line of malicious code which can be unleashed on your device even if you don’t actually click on the link, says Joshua Drake from Zimperium.

“Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS (text message).”

“A fully weaponized successful attack could even delete the message before you see it. You will only see the notification.”

The malicious code which is at the heart of the flaw has been dubbed “Stagefright” and is widely regarded as the worst Android security vulnerability ever discovered.

According to Zimperium, Stagefright affects 95 per cent of Android phones, an estimated 950 million devices.

According to an article in Forbes, Drake says that he has reported the problem to Google but that the California based internet firm is yet to release a fix.

“As part of a regularly scheduled security update, we plan to push further safeguards to Nexus devices starting next week”, confirmed a spokesperson from Google.

How soon other Android users will receive the security fix could well depend on the phone’s manufacturer.

Android users with devices made by the likes of Samsung, HTC, Sony, LG, Lenovo and Motorola could still be vulnerable and it remains unclear when the as to when manufacturers will deliver fixes to users.

In the same article, Drake explains that Android users running versions prior to Jelly Bean 4.1, which equates to some 100 million devices, are likely to be worst affected due to “inadequate exploit mitigations”.

Source: NPR, Forbes

AVG AntiVirus 2015


Comments are closed.