Skip to main content

Any Android Phone could be Hacked with a Simple MMS

Security expert Joshua Drake, vice president of platform research and exploitation at mobile security firm Zimperium has developed an exploit which can hack virtually any Android phone out there just by sending a slightly modified multimedia message (MMS).

android hack mms

According to Drake, for the exploit to work you only to know the victim’s phone number. The vulnerabilities were found in a core Android component called Stagefright, responsible for playing and recording. Once a MMS is received it would download video with embedded multimedia content on its own from the web, thus allowing for remote code execution.

Thus, in many situations, the receiver doesn’t have to do anything for the hack to take place. The stock Messenger app won’t do anything until you see the message, but apps such as Hangouts usually pre-process media attachments which could trigger the exploit. While the security researcher isn’t sure how many apps use Stagefright, he assumes that any app that handles media files is linked somewhat to the framework.

What makes this exploit particularly dangerous is that no interaction is required from the user for it to activate itself. As Drake has pointed out, you could received malicious MMS when you’re asleep and your phone is on silent mode; and when you wake up, even if you delete the message, there’s a high risk that your device has already been infested.

But it seems that Google is already working hard behind the curtains to fix the loopholes, mainly thanks to the research who created the necessary patches and shared them with Google. The Android maker has already pushed out a fix to its hardware partners but it depend on your phone’s manufacturer as to when you’ll receive it, as well.

Drake estimates that over 95 percent of Android devices are still affected, and that’s because of the slow rollout of Android updates. If the attackers manage to exploit the vulnerabilities they could get access to the microphone, camera and the external storage partition, but won’t be able to install applications or access their internal data. But Drake estimates that on around 50 percent of the affected devices the framework runs with system privileges, which means malevolent parties could allegedly gain root access and therefore complete control of the device.

© Raju PP for Technology Personalized, 2015. This Feed is for personal non-commercial use only. If you are not reading this material in your news aggregator, the site you are looking at is guilty of copyright infringement. Please contact us, so we can take legal action immediately. If you are on Twitter you can follow me @rajupp! | Permalink |

The post Any Android Phone could be Hacked with a Simple MMS appeared first on Technology Personalized.


Related Stories

from Technology Personalized


Popular posts from this blog

How to Get SMS Alerts for Gmail via Twitter

How do you get SMS notifications on your mobile phone for important emails in your Gmail? Google doesn’t support text notifications for their email service but Twitter does. If we can figure out a way to connect our Twitter and Gmail accounts, the Gmail notifications can arrive as text on our mobile via Twitter. Let me explain:Twitter allows you to follow any @user via a simple SMS. They provide short codes for all countries (see list) and if you text FOLLOW to this shortcode following by the  username, any tweets from that user will arrive in your phone as text notifications. For instance, if you are in the US, you can tweet FOLLOW labnol to 40404 to get my tweets as text messages. Similarly, users in India can text FOLLOW labnol to 9248948837 to get the tweets via SMS.The short code service of Twitter can act as a Gmail SMS notifier. You create a new Twitter account, set the privacy to private and this account will send a tweet when you get a new email in Gmail. Follow this account …

Another SEO tool drops the word “SEO”

This guest post is by Majestic’s Marketing Director, Dixon Jones, who explains the reasons for their recent name change.
Majestic, the link intelligence database that many SEOs have come to use on a daily basis, has dropped the “SEO” from it’s brand and from its domain name, to become Since most people won’t have used Google’s site migration tool before, here’s what it looks like once you press the “go” button:

In actual fact – there’s a minor bug in the tool. The address change is to the https version of (which GWT makes us register as a separate site) but that message incorrectly omits that. Fortunately, elsewhere in GWT its clear the omission is on Google’s side, not a typo from the SEO. It is most likely that the migration tool was developed before the need for Google to have separate verification codes for http and https versions of the site.
The hidden costs of a name change
There were a few “nay sayers” on Twitter upset that Majestic might be deserting it…

6 types of negative SEO to watch out for

The threat of negative SEO is remote but daunting. How easy is it to for a competitor to ruin your rankings, and how do you protect your site? But before we start, let’s make sure we’re clear on what negative SEO is, and what it definitely isn’t.Negative SEO is a set of activities aimed at lowering a competitor’s rankings in search results. These activities are more often off-page (e.g., building unnatural links to the site or scraping and reposting its content); but in some cases, they may also involve hacking the site and modifying its content.Negative SEO isn’t the most likely explanation for a sudden ranking drop. Before you decide someone may be deliberately hurting your rankings, factor out the more common reasons for ranking drops. You’ll find a comprehensive list here.Negative off-page SEOThis kind of negative SEO targets the site without internally interfering with it. Here are the most common shapes negative off-page SEO can take.Link farmsOne or two spammy links likely won’…