A security researcher has claimed to have found a hack that can be executed by a text message and give the attacker complete control of the phone:
Here’s how the attack would work: The bad guy creates a short video, hides the malware inside it and texts it to your number. As soon as it’s received by the phone, Drake says, “it does its initial processing, which triggers the vulnerability.”
The messaging app Hangouts instantly processes videos, to keep them ready in the phone’s gallery. That way the user doesn’t have to waste time looking. But, Drake says, this setup invites the malware right in.
If you’re using the phone’s default messaging app, he explains, it’s “a tiny bit less dangerous.” You would have to view the text message before it processes the attachment. But, to be clear, “it does not require in either case for the targeted user to have to play back the media at all,” Drake says.
Once the attackers get in, Drake says, they’d be able do anything — copy data, delete it, take over your microphone and camera to monitor your every word and move. “It’s really up to their imagination what they do once they get in,” he says.
This could affect 80% of Android phones out there and while it isn’t out in the wild yet, you can expect that now that this exploit is public, it will be. That’s not trivial. Neither is the fact that this will not get patched quickly despite the fact the fix is equally as trivial. That’s because the Android OS is incredibly fragmented with different versions of the OS being made available by Google, handset manufacturers, carriers, and the like. As a result, some may implement the fix quickly, others may implement it slowly, or some may not implement it at all. Thus you have to hope that wherever you get your Android OS updates from implement this fix before this becomes a real problem.
Like this:
Like Loading...
Related
This entry was posted on July 27, 2015 at 4:06 pm and is filed under Commentary with tags Android, Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Most Android Phones Can Be Hacked Easily Via Text Message: Report
A security researcher has claimed to have found a hack that can be executed by a text message and give the attacker complete control of the phone:
Here’s how the attack would work: The bad guy creates a short video, hides the malware inside it and texts it to your number. As soon as it’s received by the phone, Drake says, “it does its initial processing, which triggers the vulnerability.”
The messaging app Hangouts instantly processes videos, to keep them ready in the phone’s gallery. That way the user doesn’t have to waste time looking. But, Drake says, this setup invites the malware right in.
If you’re using the phone’s default messaging app, he explains, it’s “a tiny bit less dangerous.” You would have to view the text message before it processes the attachment. But, to be clear, “it does not require in either case for the targeted user to have to play back the media at all,” Drake says.
Once the attackers get in, Drake says, they’d be able do anything — copy data, delete it, take over your microphone and camera to monitor your every word and move. “It’s really up to their imagination what they do once they get in,” he says.
This could affect 80% of Android phones out there and while it isn’t out in the wild yet, you can expect that now that this exploit is public, it will be. That’s not trivial. Neither is the fact that this will not get patched quickly despite the fact the fix is equally as trivial. That’s because the Android OS is incredibly fragmented with different versions of the OS being made available by Google, handset manufacturers, carriers, and the like. As a result, some may implement the fix quickly, others may implement it slowly, or some may not implement it at all. Thus you have to hope that wherever you get your Android OS updates from implement this fix before this becomes a real problem.
Share this:
Like this:
Related
This entry was posted on July 27, 2015 at 4:06 pm and is filed under Commentary with tags Android, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.