Previous Story
Android phones can be hacked with a simple text – Jul. 27, 2015
So you may never see a security update for your phone to fix this rather annoying flaw, rendering your handset permanently at-risk of infection (unless you root your handset and install your own flavor of Android.) Your only solution is to buy a new smartphone, which is exactly what the manufacturers want.
The bug was reported by Joshua Drake, from Zimperium zLabs, in April in order to give Google enough time to fix the problem and send patches out to its partners. In addition, Drake told Forbes that older devices such as the Samsung Galaxy S4 and LG’s Optimus Elite run the exploitable process with system-level permissions, which “provides wide access across the phone” with no further effort. At fault is a media playback tool called Stagefright, which despite its name, contains aggressive “remote code execution” bugs that let hackers pull out info accessible by Stagefright-meaning they can ostensibly record audio and video, look through photos, and break into Bluetooth, per Forbes. Assuming that most of the attackers are going to be doing it with financial incentive, to steal identities, the hackers are likely to be careful not to damage the phone or make it obvious that there is something wrong.
Though Google has applied patches to Android Open Source Project, Zimperium says device owners should be proactive in updating their phones.
Drake will be reporting on these findings at the Black Hat hacker conference in Las Vegas next week.
According to Drake, for the exploit to work you only to know the victim’s phone number. According to IDC’s market share report, with 78% of the smartphones running Android, the OS happens to be the most popular mobile system with iOS trailing behind.
Amid the lightly-examined plunge into a wireless world comes a new cell phone vulnerability impacting 950 million phones with Android version 2.2 to the current operating system.
For Android device owners using the default messaging app, they’d have to view the text message, though still wouldn’t be required to play the video for the malware to be installed.
“By controlling these applications, an attacker can essentially spy on their victim by listening in on conversations or watching the device’s surroundings”.
The vast majority of Android phones can be hacked by sending them a specially crafted multimedia message (MMS), a security researcher has found. Drake said that he uncovered the vulnerability, codenamed Stagefright, in an interview with Business Insider. Drake said Zimperium has sent the necessary patch to Google.
There is also no certainly as to if or when these third parties will offer a fix for the Android flaw, but surely they can not leave them exposed like this? Mozilla fixed the issues in Firefox 38, released in May. The solution is not entirely in Google’s hands and given the slow pace at which these operators and manufacturers function, the patches would not be rolled out quickly.
