Blog & Company News
Aug 20, 2015
Android Text Hack
Attention Android Users!
With just a simple receipt of a text message, your Android can be hacked. This is likely the biggest smartphone flaw ever discovered, CNN reports that, “it affects an estimated 950 million phones worldwide.” The issue is rooted in the way in which Androids are programmed to analyze incoming text messages, even before they have been opened. For instance, with Google's Hangouts app, any media file that you receive (pictures, videos, audio) is automatically processed as soon as it is received. Because of this, “a malware-laden file can start infecting the phone before it's even opened.”
The hacker needs only to send a text with a malicious media file to your phone to potentially gain complete control of your Android device. With that, he or she will be able to wipe out your device, access apps, open and review sensitive information on your phone, or even turn your camera on without you knowing.
Google, owner and operator of the Android OS, has acknowledged the vulnerability. In fact, they were made aware of the hack - and even provided with a potential fix - as early as April 9 by cybersecurity firm Zimperium. Google has assured that a patch would be made available for all customers, but according to Zimperium, a fix still isn't largely available.
Although Google has likely developed a patch to this vulnerability, due to Android's dependence on carriers and phone manufacturers, the company can't simply push the fix directly to user's devices, as main rival Apple has the luxury to do. The fix must be coordinated with disparate manufacturer platforms (Samsung, LG, Motorola, etc.) and then disseminated through the carriers (AT&T, Verizon, T-Mobile, and Sprint - just to name a few...). Google claims they have delivered a solution to its carriers, but it is still unclear whether or not the solution has been passed along to their users.
Until security firms like Zimperium declare this issue clear, Android users can disable auto-fetching of multi-media messages by accessing the Settings menu within their default messaging app. Tap Settings -> Advanced -> (deselect) Auto-retrieve MMS messages.
Users can find detailed instructions here