A major Android security flaw would let hackers in with a text
A major Android security flaw would let hackers in with a text
Got an Android phone? Then read on - your beloved smartphone could be at risk from an alarmingly easy hack.
The flaw has been discovered in the way that Android's Hangout app instantly processes videos and images your mobile receives attached to text messages: to make it as easy for users to find media, it analyses attachments before you open the message, saving files such as videos to your gallery.
In theory, a hacker could attach a piece of malicious code to a video in a text attachment that would allow them to remotely access someone's phone as soon as they receive the text message. "This happens even before the sound that you've received a message has even occurred," said Joshua Drake, security researcher with Zimperium and co-author of Android Hacker's Handbook. "That's what makes it so dangerous. [It] could be absolutely silent. You may not even see anything."
Speaking to NPR, Drake detailed how malware attached to videos would be able to open up an Android phone to copy data, delete it, take over your microphone or monitor any passwords you were inputting - "It's really up to their imagination what they do once they get in."
While the vulnerability sounds like a serious one, Drake was eager to point out that there are no known hackers currently looking to exploit the hack. He discovered the hack while working on Android security in a lab setting with his employer Zimperium, notifying Google immediately as to the nature of the hack and possible patches to safeguard against it. Google pays developers for identifying exploits in its Android software, actively encouraging people like Drake to break their software and put it back together for financial rewards.
Google has since rolled out a patch for the exploit, notifying all mobile manufacturers and carriers who run the Android system of what they need to do to patch the problem. Drake believes that up to 50 percent of all Android devices could be patched when updates are rolled out, but many users might fail to update their systems, or some providers might not bother implementing the fix due to a lack of financial incentive.
So what should you do to protect your phone? Well, avoiding Hangouts is one step, but the exploit can apparently still be achieved with a normal text message. Best check whether your Android phone has any updates pending, download the latest software and don't go handing out your mobile number to anyone who looks like a hacker.
You know the type - hoodie, shifty eyes, fingerless gloves.
[Via: NPR]
