SAN FRANCISCO (KPIX 5) — A major security flaw on Android phones let’s hackers break in with a single text message. To make matters worse, you don’t even have to open the message to get hacked.

According to mobile security firm Zimperium, hackers need only send the bug to a smartphone and they can take control of the device, and get access to personal information stored on the handset.

READ MORE: UPDATE: Crews Respond To Structure Fire In Oakland

“The attacker can send a specially crafted MMS file that is automatically parsed, and then the phone will be infected,” said CTO/Zimperium Founder Zuk Avraham. “It can also be triggered via other means like browsers — Chrome or Firefox — whenever you go to any website that has this specific vulnerability.”

Google learned of the vulnerability a few months ago and has tried to fix it.

READ MORE: CA Election Officials Want Newsom Recall Held After Mid-September

“The security of users is extremely important to us, so we’ve already responded quickly to this issue by sending the fix for all Android devices to our partners,” said a spokesperson.

But unlike Apple’s mobile operating system iOS, updates to the Android platform are distributed through wireless carriers and phone manufacturers. It’s up to them to push out updates to users. If they don’t push it out, users won’t get it.

“Android users could stop using all messaging apps on their phones, but that is very unlikely,” said Laura Hautala of “So essentially we need to wait for the patches to come out.”

MORE NEWS: UPDATE: Evacuation Orders Lifted After Vallejo Crews Knock Down 4-Alarm Brush Fire

The security firm that discovered the bug suggests Android users update to the latest version. Unfortunately there’s no guarantee the patch has been applied.