A simple text message can open your Android phone to malicious attacks. And not just your phone, but those of millions of other users of Google’s popular mobile operating system.
At least 900 million Android users now face the risk of losing control over their handsets to hackers following a disclosure by cybersecurity firm Zimperium that shows the ease with which hackers can gain access to your device via an image attached to a text message.
An Android phone works to analyze various media files before the recipient opens the message. That’s the default setting. If the message contains malware, your phone can get infected immediately after processing the message in the background.
Because of the flaw, attackers will be able to wipe the device clean of data, take control of the installed apps or turn other features on such as the camera.
Google acknowledged the vulnerability, and vowed to issue a patch for the flaw a couple of months ago, according to Zimperium. The promised patch was meant to restrict hackers from gaining access to the phone’s apps and built-in features. But experts believe many attackers with advanced skills will be able to circumvent the hurdle.
Android phones produced since 2010 are believed to be affected by the bug, from the Froyo to the Lollipop versions. That’s quite a number of Android phones!
Google has not yet released a patch for the flaw, despite immediate efforts by the researchers to notify the software giant of the bug.
Of course that is understandable from a developer’s point of view. Unlike Apple or Microsoft which can roll out rapid fixes to any bug discovered in their operating systems, Google will clearly have to go through a complicated web of carriers and original equipment manufacturers before it completes the deployment of a patch. In other words, it is the diverse ecosystem of Android — the different versions in use, wide variety of phones and slight modifications made by every OEM — that is preventing Google from implementing an across the board fix.
Luckily for Nexus users, a patch is already available. Again, that’s quite understandable since Nexus is Google’s homemade device. For users of Samsung and other third-party handsets, the wait seems to take some time. At the moment, it looks like a huge avalanche of malicious text messages is coming our way, unless Google finds a method to remotely send updates to Android phones of different manufacturers.