Stagefright: Android’s gaping hole lets hackers take over your phone with a text message
Researchers at Zimperium Mobile Security have discovered a new vulnerability in Android smartphones that allows hackers to remotely access a device by simply sending a multimedia text message.
Researchers at Zimperium Mobile Security have discovered a new vulnerability in Android smartphones that allows hackers to remotely access a device by simply sending a multimedia text message.
Dubbed Stagefright, the vulnerability exists in an Android media library of the same name. It is considered highly dangerous, as hackers are able to exploit it without the need for user interaction.
"Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS," wrote Zimperium on its official blog. "A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited."
Stagefright is present in every version of Android since Froyo (Android 2.2), and versions older than Jelly Bean (4.2) are reportedly at greater risk. Over 950 million Android devices are thought to be affected.
Google has already patched the vulnerability in its own internal code, but due to the way in which most Android updates are distributed, some devices may never see a fix.
In lieu of a security update, users can protect themselves against the attack by disabling automatic MMS retrieval in their messaging app of choice. This can be found under Advanced Settings in Google Messenger, and under SMS in Google Hangouts. Other messaging apps should all have similar settings. After applying these settings, users are advised against opening MMSs from unfamiliar numbers.
