SAN FRANCISCO (KPIX 5) — A major security flaw on Android phones let’s hackers break in with a single text message. To make matters worse, you don’t even have to open the message to get hacked.
According to mobile security firm Zimperium, hackers need only send the bug to a smartphone and they can take control of the device, and get access to personal information stored on the handset.
“The attacker can send a specially crafted MMS file that is automatically parsed, and then the phone will be infected,” said CTO/Zimperium Founder Zuk Avraham. “It can also be triggered via other means like browsers — Chrome or Firefox — whenever you go to any website that has this specific vulnerability.”
Google learned of the vulnerability a few months ago and has tried to fix it.
“The security of users is extremely important to us, so we’ve already responded quickly to this issue by sending the fix for all Android devices to our partners,” said a spokesperson.
But unlike Apple’s mobile operating system iOS, updates to the Android platform are distributed through wireless carriers and phone manufacturers. It’s up to them to push out updates to users. If they don’t push it out, users won’t get it.
“Android users could stop using all messaging apps on their phones, but that is very unlikely,” said Laura Hautala of CNET.com. “So essentially we need to wait for the patches to come out.”
The security firm that discovered the bug suggests Android users update to the latest version. Unfortunately there’s no guarantee the patch has been applied.