Advertisement

Readers like you keep news free for everyone.

More than 5,000 readers have already pitched in to keep free access to The Journal.

For the price of one cup of coffee each week you can help keep paywalls away.

Support us today
Not now
Tuesday 5 December 2023 Dublin: 4°C
AP Photo/Jeff Chiu
exploit

Android phones have a serious flaw that could allow hackers in with one text

And as many as 950 million Android phones could be affected by it.
21
23.3k
Jul 27th 2015, 6:28 PM

ANDROID PHONES MAY be vulnerable to a security flaw which could allow attackers into your phone through a single text.

According to Zimperium zLabs, the flaw doesn’t even require the user to open the text message to take effect.

The weakness is found in Stagefright, a media playback tool in Android, and as many as 950 million Android phones could be affected, according to Forbes.

The issue lies with Google Hangouts, which acts as the default SMS messenger for your phone. Since it automatically processes video received so it’s ready in your phone’s gallery, the malware enters your phone without requiring you to open up the text.

All an attacker needs to do is create a short video, hide the malware inside and text it to your number. There have been no instances of this flaw being exploited as of yet (if you can’t make out the image below, click here).

Cat1-1024x534 Zimperium How the security flaw works. Zimperium

Joshua Drake, a security researcher with Zimperium, told NPR he shared his findings with Google in April and May, and sent over patches to help fix the bugs. Google applied the patches to its internal code branches within 48 hours.

However, the length of time it takes for an upgrade to Android to reach all phones takes a long time as it’s not in Google’s hands. Drake estimates that as few as 20% of Android phones will get fixed, with an optimistic number reaching 50%. Part of the reason behind that estimate is that devices that are 18 months or older are unlikely to receive an update.

It’s better to assume your phone hasn’t been patched yet so to avoid this, it’s best to avoid using Hangouts entirely and change to a different SMS app like your phone’s default messenger app. Even then, you should be careful about the type of text messages you view, especially if it’s from an unfamiliar number.

If you have to rely on Hangouts, you can disable auto-retrieve MMS by going into settings > SMS and finding the option under the advanced submenu and untick it.

If you’re one of the few people who has an Android phone with version 2.2 or older, you’re safe.

This isn’t the first time a text message created problems for smartphones. Back in May, Apple’s iOS system had a problem which let you crash an iPhone by sending it a specific text.

Read: Is Twitter really taking down stolen jokes because of copyright infringement? >

Read: This monitor wants to wirelessly charge your phone while you work >

Making a difference

A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

For the price of one cup of coffee each week you can make sure we can keep reliable, meaningful news open to everyone regardless of their ability to pay.

Support us Learn More

Author
Quinton O'Reilly
quinton@thejournal.ie
@qoreilly
Send Tip or Correction
Read Next
More Stories
Related Tags
Your Voice
Readers Comments
21
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.