Feature Article

Free eNews Subscription>>
July 28, 2015

Text Message Hack Reveals Android's Vulnerability

A few months ago, iPhone users discovered a bug in which receiving a cryptic text message filled with Arabic characters would cause the phone to crash and restart. Apple eventually was able to submit a patch to correct this bug, and all was right with the world.

Now however, smartphones running Android software are falling prey to a very similar bug, but one with much more dire consequences. Much like the bothersome May bug that plagued iPhone, this malware, nicknamed “Stagefright” can be activated merely by sending a text message to an Android phone. However, instead of merely causing the phone to restart, Stagefright allows a hacker access to the phone’s data, camera, and microphone, and the freedom to do whatever they wish with the information they glean. The average phone user would not even be able to tell that anything had happened.

What’s more troubling is that the malevolent message does not even have to be opened or viewed by the phone’s owner in order to start wreaking havoc, says the vice president of research and exploitation at Zimperium zLabs (a mobile security firm), Joshua Drake. “These vulnerabilities are extremely dangerous because they do not require that the victim to take any action to be exploited.” Unlike, for example, malware sent through a computer, this latest hack does not require the user to open a dodgy attachment or respond to a message in order to fall victim.

Zimperium said they alerted Google that their Android software was vulnerable to an attack like this as early as April, and Google released a patch for the bug within two days. However, many phones are still left unprotected because it takes time for the patch to be adapted to Android software across different phones by different makers. Unlike Apple, which can release a patch and immediately push it to nearly all iPhones, Android must work many different versions of new software to fit phones by Samsung, HTC, or other companies that build Android phones.

The good news? Vulnerabilities like these are “exceedingly rare,” says Chris Wysopal, chief tech and information security officer for Veracode, an application security firm. But, he adds, they “pose a serious security issue for users since they can be impacted without having clicked on a link, opened a file or opened an SMS.” Mobile service providers need to focus overtime on making sure their devices are protected from these passive malwares.    

Edited by Dominick Sorrentino

FOLLOW MobilityTechzone

Subscribe to MobilityTechzone eNews

MobilityTechzone eNews delivers the latest news impacting technology in the Wireless industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter