SAN FRANCISCO (KPIX 5) — A major security flaw on Android phones let’s hackers break in with a single text message. To make matters worse, you don’t even have to open the message to get hacked.

According to mobile security firm Zimperium, hackers need only send the bug to a smartphone and they can take control of the device, and get access to personal information stored on the handset.

READ MORE: Millbrae Resident Sleeping In Bed Robbed In Home Invasion

“The attacker can send a specially crafted MMS file that is automatically parsed, and then the phone will be infected,” said CTO/Zimperium Founder Zuk Avraham. “It can also be triggered via other means like browsers — Chrome or Firefox — whenever you go to any website that has this specific vulnerability.”

Google learned of the vulnerability a few months ago and has tried to fix it.

READ MORE: UPDATE: Cal Fire Crews Reach 80% Containment on Fremont Fire Near Napa-Sonoma County Line

“The security of users is extremely important to us, so we’ve already responded quickly to this issue by sending the fix for all Android devices to our partners,” said a spokesperson.

But unlike Apple’s mobile operating system iOS, updates to the Android platform are distributed through wireless carriers and phone manufacturers. It’s up to them to push out updates to users. If they don’t push it out, users won’t get it.

“Android users could stop using all messaging apps on their phones, but that is very unlikely,” said Laura Hautala of “So essentially we need to wait for the patches to come out.”

MORE NEWS: New Wildfire Breaks Out Near Shasta Lake, Quickly Grows to 50 Acres

The security firm that discovered the bug suggests Android users update to the latest version. Unfortunately there’s no guarantee the patch has been applied.