Android Phone Hack via Text Message

Since this has been on CNN and a dozen others, it is likely you’ve already heard about it, but just in case…

This is why I have a fairly stupid “flip phone” and not a smart phone. It is also why my Android Tablet does NOT have a telephone radio built into it nor phone service on it and why it only has WiFi if I turn on my external WiFi hot spot and / or choose to connect at Starbucks. (Or home). I want 100% control of when and what gets communicated to and from my devices.

Bold mine:

http://money.cnn.com/2015/07/27/technology/android-text-hack/index.html

Android phones can get infected by merely receiving a picture via text message, according to research published Monday.

This is likely the biggest smartphone flaw ever discovered. It affects an estimated 950 million phones worldwide — about 95% of the Androids in use today.

The problem stems from the way Android phones analyze incoming text messages. Even before you open a message, the phone automatically processes incoming media files — including pictures, audio or video. That means a malware-laden file can start infecting the phone as soon as it’s received, according Zimperium, a cybersecurity company that specializes in mobile devices.

If this sounds familiar, that’s because this Android flaw is somewhat like the recent Apple text hack.

But in that case, a text message with just the right characters could freeze an iPhone or force it to restart. This Android flaw is worse, because a hacker could gain complete control of the phone: wiping the device, accessing apps or secretly turning on the camera.

In a statement to CNNMoney, Google (GOOGL, Tech30) acknowledged the flaw. It assured that Android has ways of limiting a hacker’s access to separate apps and phone functions. Yet hackers have been able to overcome these limitations in the past.

The bug affects any phone using Android software made in the last five years, according to Zimperium. That includes devices running Android’s Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat and Lollipop iterations (Google names its Android versions alphabetically after desserts).

Worse, the text displays an image (that could be quite small) and then with control taken, can wipe the image. Leave your phone on at night, this can happen at 2 AM and you would never know and never see the message or the image.

This is also why I will not use a phone as a means of payment. Hack the phone, use it to pay for a load of jewelry from Amazon shipped to a P.O.Box, and the bank account is drained / credit card loaded up. You find out in 30 days when the bill arrives and the P.O.Box is closed. Have a nice day…

The bug / hack is named “Stagefright” and was found by a company named Zimperium.

http://www.cnet.com/news/researcher-finds-mother-of-all-android-vulnerabilities/

While Zimperium says the risks are high for Stagefright to be exploited, and it’s possible that malicious hackers will soon take advantage of the flaw, Android device owners have been dodging at least some malware. In April, Google issued a report claiming that malware installs on Android devices fell by 50 percent in 2014. By the end of the year, Google said that fewer than 1 percent of all Android devices had “potentially harmful applications” installed on them.

According to Zimperium’s blog, it will show exactly how Stagefright works and can be exploited at the Black Hat hacker conference in Las Vegas, which starts August 1.

So in theory not “in the wild” yet, but August 1 is fast approaching.

And people wonder why I don’t spend all day staring at my phone texting, tweeting, and sending images around… Maybe we need a new word… or an acronym… How about TTD (like STD): A Texting Transmitted Disease… for your phones and computers.

Avoid TTDs, just say No! ;-)

Subscribe to feed

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons' are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Tech Bits and tagged , , , , . Bookmark the permalink.

One Response to Android Phone Hack via Text Message

  1. Chris in Calgary says:

    Two things you can do to mitigate this are:
    1) Turn off “auto-retrieve” under MMS in your messenging app settings.
    2) Turn of “accept messages from unknown senders” in the settings.

    More here:
    https://nakedsecurity.sophos.com/2015/07/28/the-stagefright-hole-in-android-what-you-need-to-know/

Comments are closed.