Android phones can be hacked with a text, 950m users at risk

29 Jul 2015 | Author: | No comments yet »

Android Phones Subject To Attack Via Text Pics.

Stagefright is a nasty potential problem for a huge majority of the World’s Android users. A picture inside a text message sent to 95 per cent of Android phone owners (currently 950 million users worldwide) allows hackers to gain complete control of their device. Thomas Fox-Brewster covered it in detail in his article yesterday, but here in brief is how to prevent the bug being used to access your phone without you even knowing.

That’s because there is reportedly a flaw on some Android devices that automatically downloads pictures, audio or video in text messages you receive. According to mobile security firm Zimperium, hackers need only send the bug to a smartphone and they can take control of the device, and get access to personal information stored on the handset. “The attacker can send a specially crafted MMS file that is automatically parsed, and then the phone will be infected,” said CTO/Zimperium Founder Zuk Avraham. “It can also be triggered via other means like browsers — Chrome or Firefox — whenever you go to any website that has this specific vulnerability.” “The security of users is extremely important to us, so we’ve already responded quickly to this issue by sending the fix for all Android devices to our partners,” said a spokesperson.

Will Dormann, a senior vulnerability analyst at the Software Engineering Institute in Oakland, says not all smartphones are equal when it comes to resisting this malware. “Google actually did fix the code,” said Dormann. “The bugs are fixed. The problem is there will be a certain amount of time before those fixes actually work their way out to the end users of the products.” In other words, says Dormann, although Google has fixed the software, it’s not clear that the manufacturer of your particular cell phone and your cell phone provider have passed on the fix. “If you contact the manufacturer, they will let you know if their particular hardware will get the fix. Because the exploit works by downloading code via MMS, to prevent being infected you must go to you SMS settings either in your phone’s SMS app, or through Google Hangouts, whichever you use. If they don’t push it out, users won’t get it. “Android users could stop using all messaging apps on their phones, but that is very unlikely,” said Laura Hautala of “So essentially we need to wait for the patches to come out.” The security firm that discovered the bug suggests Android users update to the latest version.

Just receiving it is enough to give people, potentially, access to your Android phone.” Once received by the smartphone, the flaw would give hackers complete control over the handset and allow them to steal anything on it, such as credit card numbers or personal information. The downsides of doing this are practically none, if you trust someone sending you an MMS you can still get the data, you’ll just be asked each time.

The company also said it informed Google, the company behind Android, when it first discovered the vulnerability in April and supplied patches that would fix the problem. (TM and © Copyright 2015 CBS Radio Inc. and its relevant subsidiaries. This is done by choosing ‘settings’ in the ‘messages’ app and then selecting the option that blocks messages from unknown senders. “This vulnerability was identified in a laboratory setting on older Android devices and as far as we know, no one has been affected,” she said. “As soon as we were made aware of the vulnerability we took immediate action and sent a fix to our partners to protect users. And, we’ll be releasing it in open source when the details are made public by the researcher at BlackHat.” The bug works by exploiting Android’s media library, called Stagefright.

Mr Drake, vice president of platform research and exploitation at Zimperium, said that he would release further details of how the flaw works next week. The wider issue though is that with so many different versions of Android and various manufacturer implementations it’s quite hard to tell which devices will potentially be affected.

Here you can write a commentary on the recording "Android phones can be hacked with a text, 950m users at risk".

* Required fields
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site