Android Flaw Lets Hackers Break in With an MMS: Report

Advertisement
By Agence France-Presse | Updated: 28 July 2015 10:24 IST
Android Flaw Lets Hackers Break in With an MMS: Report
Cyber-security firm Zimperium on Monday warned of a flaw in the world's most popular smartphone operating system that lets hackers take control with a text message.

"Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS (text message)," Zimperium Mobile Security said in a blog post.

"A fully weaponised successful attack could even delete the message before you see it. You will only see the notification."

Android code dubbed "Stagefright" was at the heart of the problem, according to Zimperium.

Stagefright automatically pre-loads video snippets attached to text messages to spare recipients from the annoyance of waiting to view clips.

Advertisement

Hackers can hide malicious code in video files and it will be unleashed even if the smartphone user never opens it or reads the message, according to research by Zimperium's Joshua Drake.

"The targets for this kind of attack can be anyone," the cyber-security firm said, referring to Stagefright as the worst Android flaw discovered to date.

Advertisement

"These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited."

Malicious code executed by hackers could take control of smartphones and plunder contents without owners knowing.

Advertisement

Stagefright imperils some 95 percent, or an estimated 950 million, of Android phones, according to the security firm.

Zimperium said that it reported the problem to Google and provided the California Internet firm with patches to prevent breaches.

"Google acted promptly and applied the patches to internal code branches within 48 hours, but unfortunately that's only the beginning of what will be a very lengthy process of update deployment," Zimperium said.

It did not appear as though hackers had taken advantage of the Stagefright vulnerability, according to Zimperium.

Updating Android software powering mobile devices is controlled by hardware makers and sometimes telecommunication service carriers, not Google.

While Apple controls the hardware and software in iPhones, iPads, and iPods powered by its mobile operating system, Google makes Android available free to device makers who customize the code and update it as they see fit.

More about Drake's research was to be disclosed at a Black Hat computer security conference taking place in Las Vegas early in August.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. ROG Xbox Ally and ROG Xbox Ally X Handhelds Unveiled at Xbox Games Showcase
  2. iOS 26 May Feature "Liquid Glass" Elements Throughout the User Interface
  3. WWDC 2025: How to Watch the Apple Keynote Live and What to Expect
  1. iOS 26 to Feature “Liquid Glass” UI Elements in Anticipation of 2027 iPhone Models: Report
  2. Microsoft Unveils ROG Xbox Ally and ROG Xbox Ally X Handheld PCs at Xbox Games Showcase
  3. Xiaomi SU7 Ultra Coming to Gran Turismo 7 on PlayStation With a Future Update
  4. NASA-ISRO Launch Joint Space Biology Experiments on Axiom Mission 4
  5. Scientists Discover Clicking Sounds in Rig Sharks for the First Time
  6. WWDC 2025: How to Watch the Apple Keynote Live and What to Expect
  7. Scientists Discover Heaviest Proton-Emitting Nucleus After Nearly 30 Years
  8. Hubble Unveils Galactic ‘Cotton Candy’ in the Large Magellanic Cloud
  9. James Webb Telescope Maps Fiery Atmosphere of Turbulent Exoplanet WASP-121b
  10. SpaceX Launches 27 Starlink Satellites from California Using Veteran Falcon 9 Booster
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.