Security warning surfaces, as researchers at Zimperium have some really bad news for Android users out there who regularly send and receive multimedia messages. According to them, a mjor security hole exists in the Android platform which could potentially allow malicious individuals to gain complete access to a device by simply sending a thin inncocent message to the targeted number. Android is however the most popular mobile OS on the planet, accounting for approx 80% of smartphones in existence, so it’s difficult to understand why this is a serious cause for concern.
Researchers claims that the ability to exploit the vulnerability within Android platform is so serious that an attacker could hijack the device from a remote location before the phone even has a chance to notify the user of an incoming text. As per Zimperium researcher Joshua Drake,
This happens even before the sound that you’ve received a message has even occurred. That’s what makes it so dangerous. It could be absolutely silent. You may not even see anything.
According to the researcher Drake, who is also the co-author of the Android Hacker’s Handbook, goes on to explain that the vulnerabity can be exploited via a relatively simple piece of malware hidden inside of a purposely created, but seemingly innocent video sent via multimedia text. Concerns that fact that the native Hangouts application instantly processes videos received by the device ensuring that the user experiences no wasted time when loading the video. Unfortunately for Android this method “invites the malware right in“.
Nevertheless, you can get rid of such malware attacks if you actually use the native Messages app within Android as this requires the user to open the app before the malware within the attachment can be processed and executed. Worth noting that neither case actually requires the embedded media to be manually opened and viewed. If this type of message arrives and received and processed then it pretty much allows the attackers access to anything. So that they would be able to view the device camera, listen in on the microphone, and even copy and delete data from the device as they see fit.
The resaerchers team has although submitted patches to Google for fixing this vulnerabity, which has been accepted and will likely filter through to new versions of Android. Whether or not the fix makes it through to your device in an acceptable time period is entirely dependent on the hardware manufacturer and when they roll out the updated version of Android for your specific device.