Got a smartphone that runs Android? Then this information is for you! A new vulnerability has been discovered that can easily allow hackers to gain control of your device.
Android smartphones are immensely popular in the Philippines, with millions of devices from local and international brands being used by consumers all across the country. Now, up to 95% of global users of Google’s popular mobile operating system are at risk from a new vulnerability. The weakness could potentially allow an attacker to take complete control of the phone, according to security researchers.
First discovered by researchers at a company called Zimperium zLabs, the exploit dubbed “Stagefright” is already being called the worst ever bug uncovered on Android. Joshua Drake, VP at Zimperium, is quoted as saying: ‘All (Android) devices should be assumed to be vulnerable.” He warned that a simple MMS, or multimedia text, could trigger an attack which sees phones automatically parse the attack code even if the text hasn’t been opened or viewed yet: “This happens even before the sound that you’ve received a message has even occurred,” Drake said, before adding: “That’s what makes it so dangerous. It could be absolutely silent. You may not even see anything.”
Drake and his team have already informed Google about this, and even sent patches to the search giant in order to help fix the bug. “Basically, within 48 hours I had an email telling me that they had accepted all of the patches I sent them, which was great,” Drake told media.
Google has already created patches to fix the bug and has sent out patches to vendors and manufacturers. However, those fixes and patches haven’t been fully rolled out by the hardware companies yet and this leaves nearly all Android devices vulnerable.
Here is how a potential hack could work:
– An attacker creates a text or a short multimedia video embedded into a text along with hidden malware in it. He then sends it to your number.
– The moment you receive the message, the automatic ‘parsing’ happens: the default SMS application on your phone or tablet instantly processes the embedded video to keep it quickly accessible in the phone’s memory. The malware is now embedded into your phone.
– From this moment onwards, the attacker could potentially take complete control over the phone.
Such a comprehensive hack would allow the attacker to:
– Copy your data including emails, texts, stored credit card data and encrypted passwords.
– Take control of the microphone on the phone to record conversations.
– Take control of the camera on the phone to spy on you.
Phone manufacturers are expected to take this vulnerability seriously and roll out the patches soon, so the next time your phone displays the message that an OS update is waiting to be installed, we recommend you do it straight away to make sure your phone is protected against this bug.
