David Becker, Getty Images

Android Flaw Allows Hackers Access Through Texts

July 28, 2015
'These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited.'

SAN FRANCISCO — Cyber security firm Zimperium warned of a flaw in the world’s most popular smartphone operating system that lets hackers take control with a text message.

“Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS (text message),” Zimperium Mobile Security said in a blog post. “A fully weaponized successful attack could even delete the message before you see it. You will only see the notification.”

Android code dubbed Stagefright was at the heart of the problem, according to Zimperium. Stagefright automatically pre-loads video snippets attached to text messages to spare recipients from the annoyance of waiting to view clips. Hackers can hide malicious code in a video file, and that code will be unleashed even if the smartphone user never opens the file or reads the message, according to research by Zimperium’s Joshua Drake.

“The targets for this kind of attack can be anyone,” the cyber security firm said, referring to Stagefright as the worst Android flaw discovered to date. “These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited.”

Malicious code executed by hackers could take control of smartphones and plunder contents without owners knowing.

Stagefright imperils some 95%, or an estimated 950 million, of Android phones, according to the security firm.

Zimperium said that it reported the problem to Google and provided the company with patches to prevent breaches.

“Google acted promptly and applied the patches to internal code branches within 48 hours, but unfortunately that’s only the beginning of what will be a very lengthy process of update deployment,” Zimperium said.

It did not appear as though hackers had taken advantage of the Stagefright vulnerability, according to Zimperium.

Updating Android software powering mobile devices is controlled by hardware makers and sometimes telecommunication service carriers, not Google.

While Apple controls the hardware and software in iPhones, iPads, and iPods powered by its mobile operating system, Google makes Android available free to device makers who customize the code and update it as they see fit.

More about Drake’s research is scheduled to be disclosed at a Black Hat computer security conference taking place in Las Vegas early in August.

Copyright Agence France-Presse, 2015
