A flaw found in Android’s software puts 95% of users at risk of being hacked, according to a security research company.
New research has exposed what’s being called potentially the biggest smartphone security flaw ever discovered. According to the mobile security company Zimperium, Android phones can be hacked by simply receiving a picture via text message. Zimperium says the flaw affects 95% of Androids currently in use — an estimated 950 million phones worldwide.
You don’t even have to open the text to be affected
The way Androids analyze incoming messages with media files — text messages that include audio, video or pictures — allows the phone to potentially be infected before you even open the message. Androids automatically begin processing media files as they are received, using a built-in playback tool called Stagefright. And that means, once the phone receives a message with malware, it could potentially be infected immediately, allowing hackers to gain complete control, including access to any personal information stored in the device.
According to Zimperium, the flaw affects any Android phone using software made in the last five years. The company says it told Google about the problem back in April, but since a fix still hasn’t been released, Zimperium decided to go public with the news about the potential threat.
Read more: How to limit spying on your phone habits
Updating Android users’ software is already a bit of a slow process and it can take a while for a fix to actually get to people’s smartphones, since Android updates have to through various phone makers and wireless service providers, unlike Apple iOS updates, which Apple can push to all iPhone users at the same time.
A Google spokeswoman told CNET that patches have been provided, but didn’t offer any specifics regarding how many Android users actually have access to them.
‘The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device,’ the spokeswoman said. ‘Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device.’
Make it harder for your device to be exploited
Don’t go into complete fear mode after reading this article. What you should do instead is be proactive.
First, download the Stagefright Detector app and run it on your device. It will tell you if you’re susceptible to attack and even adjust your settings to give you some interim protection.
Second, you should disable auto-fetching of MMS for any messaging apps you use. Outlook.com has a step-by-step guide with screenshots for Hangouts and Messenger, among others.
We’ll continue to keep this page updated with new info as it becomes available!