Connect with us

Hi, what are you looking for?

Tech & Science

Android bug makes smartphones hackable by text message

Android devices have vulnerabilities that allow hackers to access a device by sending a text message or multimedia file, while the user is unaware of a breach. About 95 percent of Android devices are thought to be at risk, according to mobile security firm Zimperium zLabs.

The security gap is worse than usual spear phishing, where the user opens a file to activate the attack. The user does not need to open the malicious text message or file to become infected. Depending on the chat client, some may not even see the text message before it infects the device.

At fault is are vulnerabilities in the media library (used to process media files) called Stagefright.

“These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone,” Zimperium chief technology officer Zuk Avraham told VentureBeat.

The security firm found and reported the bugs in April and a second set of problems in May, bringing the total to seven issues. Google quickly confirmed that patches would be included in future releases. What is most worrisome is some Android users may not be able to access users those fixes right away.

“All devices should be assumed to be vulnerable,” Zimperium vice president Joshua Drake, told Forbes. He believes as many as 950 million Android phones could be affected, going on figures suggesting there are just over 1 billion in use. Only older Android phones below version 2.2 are not affected, he added.

Security researchers do not believe the vulnerability has yet been used in real life, but it’s only a matter of time for that to happen. The only piece of information a hacker need to know to attack is a telephone number.

Despite there being a fix and urgent need for it, many Android users may not be able to get relief anytime soon. Manufacturers have been notoriously slow in offering updates to protect their customers, the largest being HTC, LG, Lenovo, Motorola, Samsung and Sony.

Drake guesses that, at best, 50 percent of users will be able to get a patch. As of now, there is no information about which devices are safe, with one exception.

Silent Circle, the creator of the privacy-focused Blackphone smartphone, has applied Drake’s fixes.

There is no financial incentive for manufacturers to upgrade software. Collin Mulliner, senior research scientist at Northeastern University told NPR, “In this case Google is not the actual one to blame. It’s ultimately the manufacturer of your phone, in combination possibly with your carrier.”

Written By

You may also like:

Tech & Science

Under new legislation that passed the House of Representatives last week, TikTok could be banned in the United States.

Social Media

Wanna buy some ignorance? You’re in luck.

Life

Platforms like Instagram and Pinterest often suggest travel destinations based on your likes and viewing habits.

Social Media

From vampires and wendigos to killer asteroids, TikTok users are pumping out outlandish end-of-the-world conspiracy theories.