Android users beware: a security flaw has recently been uncovered that lets hackers in with just a text message. All the user would need to do is receive a text message with a file attachment. The user most likely won’t even be aware this is happening; no notification will appear and there’s no telling how long it will take the malware to worm its way through your data.
You won’t even have to open the message for the malware to take root. According to Joshua Drake, security researcher with Zimperium, as soon as the message is received by the phone, “it does its initial processing, which triggers the vulnerability.”
This happens because the Hangouts app that comes pre-installed on every Android phone processes videos the moment they arrive on the device, as a convenience to the user.
“If you’re using the phone’s default messaging app,” Drake explains, “it’s a tiny bit less dangerous. You would have to view the text message before it processes the attachment. But, to be clear, it does not require in either case for the targeted user to have to play back the media at all.”
Once the hacker is in, they have access to everything on the device and potentially the network the device is attached to. This includes the contact information and, more importantly, the phone numbers of everyone in the enterprise, allowing the hacker to take their pick of who to hack next.
According to an article by Aarti Shahani for npr.org, there may be a solution for this enormous security hole. Since Android is open source, it accepts patches that users submit when they find security holes, as Drake did. Drake submitted his patches to Google and they were accepted, meaning that the problem is in the process of being corrected. The only problem remaining is time; these patches can only be fully implemented after Google spends time going over them.
The article also points out that Google isn’t the one to blame; it’s the manufacturers and the wireless carriers. Google gives these wireless carriers the latest version of Android, and they alter it any way they want before putting it on devices and into production. At that point, they no longer have an incentive to fix the phone because they are no longer getting any financial gain from that device.
Manufacturers including Samsung, HTC and Nexus have responded to NPR addressing the issue. They have all made plans to fix this security issue in their next updates, which they plan to roll out as soon as possible.
T-Mobile also responded, giving assurance that it is working with its device partners on how to fix this issue.