Android OS is prone to hacking with just a single text message, claims a security research company.
There's an outrage happening right now regarding this newly-discovered Android OS vulnerability. Zimperium, a security research company, have discovered a dangerous loophole on this famous OS. It turned out that bad guys can actually steal crucial information inside your Android device with just one text message. How can that possibly happen?
It works like this according to Zimperium via NPR: bad guy creates a short video, hides the malware inside it and texts it to the victim's number. As soon as it's received by the phone, it does its initial processing, which triggers the vulnerability.
The dilemma occurs on this media playback tool called Stagefright that works in sync with Google's Hangouts and is built into Android. Anyhow, Cnet explains that the risk for the device might be exploited depends on the messaging platform a person use. Those using the standard Messenger app built into Android would need to open the text message (but not necessarily watch the video) to fall victim to this stealthy hacking. Those who are running Google's Hangouts app to handle text messaging, however, need not even open the application. As soon as Hangouts receives the text, it processes the video and the hacker is in.
However, Google had already been alarmed about this. NPR reported that the Zimperium expert already shared his findings with Google in April and May. He even sent along patches to fix the bugs. Within 48 hours there was a confirmation from Google that they accepted all of the patches. However the problem lies on the huge Android network and partners, Zimperium said. Google may be quick to send out the patches but Zimperium estimates only 20 percent to 50 percent of Android devices out there will actually get the updates due to vendors being slow to react -- if they react at all.
Moreover, Cnet says Google's Android software has been highly susceptible to security flaws for years, mostly because of the open design that makes it a popular alternative to Apple's iOS. In the first quarter, 99 percent of mobile malware targeted Android devices, according to security firm F-Secure. In fact, Google has this rewards program that pays researchers cash for finding bugs and vulnerabilities that may be exploited in the operating system. They have paid more or less $4 million since its bug bounties started in 2010.
Meanwhile, Gizmodo advises Android users to stop using Hangouts to avoid getting victimized by potential hackers. Most other texting apps won't immediately download a video until you open the text, unlike Hangouts. It's still risky, but at least you can see an unknown number and delete it if you're still bothered.
The good news is that, this issue hasn't been utilized by hackers yet. And hopefully, millions of Android devices will get patched before somebody else takes advantage of this Android vulnerability.
Join the Conversation