Android phones can get infected by merely receiving a picture via text message, according to research published Monday.
CNN reported that this is probably the biggest smartphone flaw ever. It is said to affect over 950 million phones worldwide. That’s about 95% of the Androids in use today.
The problem stems from the way Android phones analyze incoming text messages.
Even before you open a message, the phone automatically processes incoming media files — including pictures, audio or video.
That means a malware-laden file can start infecting the phone as soon as it’s received, according Zimperium, a cybersecurity company that specializes in mobile devices.
According to Fortune all a hacker needs is someone’s cell phone number. Then they just send a malware-laced multimedia message to your phone in order to steal its data and photos or to hijack its microphone and camera, among other nefarious actions.
Joshua Drake, vice president of research and exploitation at the mobile security firm Zimperium zLabs, says an attacker can delete the malware-laced message before a victim has any idea.
That would mean a user might have no idea that his or her device has been compromised.
Zimperium said it warned Google about the flaw on April 9th and even provided a fix.
The company claims Google responded the very next day, assuring a patch would be shared with customers in the future ABC7 reported.
Typically, in these situations, companies are given a 90-day grace period to issue a fix. It’s a rule even Google abides by when it finds flaws in others’ software.
But it’s been 109 days, and no fix is widely available so Zimperium is now going public with the news.
Google says it sent the patch to the phone companies – AT&T, Verizon, amd the makers of the phones like Samsung. They now need to work together to send out the software updates.
That’s different from Apple, which has more of a “closed” distribution, sending out it’s own updates to iPhones.