safety researchers at Zimperium have some bad news for Android users out there who frequently send and receive multimedia messages. According to the researchers, a major safety hole exists in the Android platform which could potentially allow malicious individuals to get access to a device by simply sending a seemingly innocent text message to the targeted number. Android is currently the most popular mobile operating system on the planet, accounting for around 80% of smartphones in existence, so it isn’t tough to understand why this is a severe cause for concern.
The ability to exploit the vulnerability within the Android platform is so severe that an attacker could take over the device from a remote location before the phone even has a chance to notify the user of an incoming text. According to Zimperium researcher Joshua Drake:
This happens even before the sound that you’ve received a message has even occurred. That’s what makes it so dangerous. It could be absolutely silent. You may not even see anything.
Drake, who is also the co-author of the Android Hacker’s Handbook, goes on to describe that the vulnerability can be exploited by means of a relatively basic piece of malware hidden inside of a purposely created, but seemingly innocent video sent by means of multimedia text. one of the primary worries for Drake is the fact that the native Hangouts application quickly processes videos received by the device ensuring that the user experiences no lost time when loading the video. regrettably for Android this method “invites the malware ideal in”.
Things aren’t as scary if you actually use the native Messages app within Android as this actually requires the user to open the app before the malware within the attachment can be processed and executed. with that said it is worth noting that neither case actually requires the embedded media to be manually opened and viewed. If this type of message is received and processed then it pretty much allows the attackers access to anything. They would be able to view the device camera, listen in on the microphone, and even copy and delete data from the device as they see fit.
Drake and his Zimperium team have already submitted patches to Google for fixing this vulnerability, which have been accepted and will likely filter through to new versions of Android. Whether or not the fix makes it through to your device in an acceptable time period is entirely dependent on the hardware maker and when they roll out the updated version of Android for your particular device.
(Source: NPR)
You may also like to check out:
How To secure Android Phones and Tablets From growing Malware danger [Guide]
You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the current from Microsoft, Google, Apple and the web.