Android users, beware: Security researchers have discovered that 95% of Android phones are vulnerable to attack through the dispatch of just one text message.
Joshua Drake, VP of platform research and exploitation at the cybersecurity firm Zimperium’s zLabs division, reported the flaw to Google earlier this year, but he says that most manufacturers have not made fixes available to consumers. The security hole puts 950 million Android devices at risk.
The hack relies on bugs in Stagefright, a media playback service that’s built into Android. All hackers need is a phone number: Once they send a photo or video MMS message to a phone, they have full access. The security flaw–present in most Android phones manufactured after 2010–allows hackers to steal and monitor the contents of a phone. In other words, the hacker has complete control–a phone owner need not even open the text for the attack to take effect.
Google has released patches for the vulnerability, but Zimperium urged users to take action since those updates may be slow to come–and it’s unlikely that Google will even release patches for older devices.
Drake will be reporting on these findings at the Black Hat hacker conference in Las Vegas next week.
[via The Daily Dot]