EditorialsYoda Advice

Android Exploit Allows Hackers To Take Over Your Phone Via MMS

stagefright_v2_breakdown-e1438001259526-1024x266

Yet another vulnerability of Android is exposed

While we know that any device can be hacked, we feel safe in the knowledge that it usually takes some kind of user participation to begin the process, like opening an errant link that’s clearly malware or something similar. A new Android exploit however, allows people to take over your phone by just sending an MMS message without any kind of user participation whatsoever – just need to receive a malware-ridden MMS and it’s all over, according to mobile security firm Zimperium.

Cat1

The reason why this exploit is so effective is that Android’s own framework, a software library dubbed Stagefright, aids in the processing of the malicious content without user intervention. This is possible because Stagefright processes multimedia files, just like those in MMS, immediately after it receives it. And since Stagefright is written in C++, in a “near the metal” programming language according to Zimperium, it’s much more vulnerable to memory corruption compared to Android’s native Java language.

One silver lining is that before publishing their findings, Zimperium already reported the issue to Google back in April, and Google has taken steps to plug the vulnerabilities. The problem is that it now falls on Google’s manufacturing partners (i.e. the people who actually builds the phones) to roll out the fixes to their devices. The most vulnerable devices are ones that run Android 4.4 and below – ironically the phones that won’t be affected by the vulnerability are devices that run Android 2.2 and below.

Source

John Nieves

John is a veteran technology and gadget journalist with more than 10 years of experience both in print and online. When not writing about technology, he frequently gets lost in the boonies playing soldier.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button