Skip to main content

Any Android Phone could be Hacked with a Simple MMS

Security expert Joshua Drake, vice president of platform research and exploitation at mobile security firm Zimperium has developed an exploit which can hack virtually any Android phone out there just by sending a slightly modified multimedia message (MMS).

android hack mms

According to Drake, for the exploit to work you only to know the victim’s phone number. The vulnerabilities were found in a core Android component called Stagefright, responsible for playing and recording. Once a MMS is received it would download video with embedded multimedia content on its own from the web, thus allowing for remote code execution.

Thus, in many situations, the receiver doesn’t have to do anything for the hack to take place. The stock Messenger app won’t do anything until you see the message, but apps such as Hangouts usually pre-process media attachments which could trigger the exploit. While the security researcher isn’t sure how many apps use Stagefright, he assumes that any app that handles media files is linked somewhat to the framework.

What makes this exploit particularly dangerous is that no interaction is required from the user for it to activate itself. As Drake has pointed out, you could received malicious MMS when you’re asleep and your phone is on silent mode; and when you wake up, even if you delete the message, there’s a high risk that your device has already been infested.

But it seems that Google is already working hard behind the curtains to fix the loopholes, mainly thanks to the research who created the necessary patches and shared them with Google. The Android maker has already pushed out a fix to its hardware partners but it depend on your phone’s manufacturer as to when you’ll receive it, as well.

Drake estimates that over 95 percent of Android devices are still affected, and that’s because of the slow rollout of Android updates. If the attackers manage to exploit the vulnerabilities they could get access to the microphone, camera and the external storage partition, but won’t be able to install applications or access their internal data. But Drake estimates that on around 50 percent of the affected devices the framework runs with system privileges, which means malevolent parties could allegedly gain root access and therefore complete control of the device.

© Raju PP for Technology Personalized, 2015. This Feed is for personal non-commercial use only. If you are not reading this material in your news aggregator, the site you are looking at is guilty of copyright infringement. Please contact us, so we can take legal action immediately. If you are on Twitter you can follow me @rajupp! | Permalink |

The post Any Android Phone could be Hacked with a Simple MMS appeared first on Technology Personalized.


Related Stories

from Technology Personalized


Popular posts from this blog

How to Get SMS Alerts for Gmail via Twitter

How do you get SMS notifications on your mobile phone for important emails in your Gmail? Google doesn’t support text notifications for their email service but Twitter does. If we can figure out a way to connect our Twitter and Gmail accounts, the Gmail notifications can arrive as text on our mobile via Twitter. Let me explain:Twitter allows you to follow any @user via a simple SMS. They provide short codes for all countries (see list) and if you text FOLLOW to this shortcode following by the  username, any tweets from that user will arrive in your phone as text notifications. For instance, if you are in the US, you can tweet FOLLOW labnol to 40404 to get my tweets as text messages. Similarly, users in India can text FOLLOW labnol to 9248948837 to get the tweets via SMS.The short code service of Twitter can act as a Gmail SMS notifier. You create a new Twitter account, set the privacy to private and this account will send a tweet when you get a new email in Gmail. Follow this account …

Instagram Story links get 15-25% swipe-through rates for brands, publishers

Instagram may arrived late as a traffic source for brands and publishers, but it’s already showing early signs of success, driving new visitors to their sites and even outperforming its parent company, Facebook.For years brands, publishers and other have tried to push people from the Facebook-owned photo-and-video-sharing app to their sites. Outside of ads and excepting a recent test with some retailers, Instagram didn’t offer much help to companies looking to use it to drive traffic. So they had to find workarounds. They put links in their Instagram bios. They scrawled short-code URLs onto their pictures. And they typed out links in their captions.Then last month Instagram finally introduced an official alternative to these hacky workarounds: the ability for verified profiles to insert links in their Instagram Stories.Almost a month after the launch, 15% to 25% of the people who see a link in an Instagram Story are swiping on it, according to a handful of brands and publishers that h…

Crimson Hexagon Now Offers Access To Tumblr Firehose

Analytics provider Crimson Hexagon announced today that it has joined Tumblr’s Preferred Data Partners program, and now can offer customers access to insights about Tumblr’s full firehose of public activity.Boston-based Crimson Hexagon provides analytics for brands and agencies, analyzing consumer behavior on Twitter, Facebook, Instagram, Sino Weibo, Google+, YouTube, blogs, forums, review sites and other online platforms. The Tumblr integration offers Tumblr data for all public posts since October 2014 and will enable customers to track brand mentions and logos, measure conversation volumes and analyze sentiment drivers on Yahoo’s network.Crimson Hexagon has given several clients beta access to Tumblr data since the beginning of the year; among them is marketing agency VML, which has been pleased with the results.“By using Crimson Hexagon’s Tumblr data, we have expanded our view of online conversation, which allows us to discover new communities of brand-loyal customers for our clien…