If you use an Android smartphone, beware of one particularly nasty security flaw that lets hackers get into your phone just by sending you a text message.
Most alarming is that the hacker doesn't even need you to read that text message to get in.
The new flaw, as pointed out by NPR, lets hackers send you a message that immediately starts its attack even before you received notification that your phone received the message.
So how does it work? The hacker creates a video with hidden malware and then texts it to your number. The phone receives the message and the malicious code immediately goes to work. This code can do just about anything, like copying and deleting your phone's data, collecting information about your location and even using your camera to monitor everything you say and do.
This vulnerability becomes even more of an issue for those using Hangouts, Google's messaging app. That app processes video immediately, which basically acts as an invite for the malicious code to take over your phone. You're a little safer with your phone's default messaging app, which still requires that you view the message before the code goes to work. Either way, though, you don't have to play the video for the code to do its damage.
"This happens even before the sound that you've received a message has even occurred," says Zimperium security researcher Joshua Drake. "That's what makes it so dangerous. [It] could be absolutely silent. You may not even see anything."
The good news is that no hacker has yet used this security flaw and Google has patches to fix the hole. However, with 950 million Android smartphones out there in the world, it's only a matter of time before this vulnerability gets exploited. There's also a big problem with Android: it's up to each phone's manufacturer and each individual's carrier on when and how that update gets applied, so it could take some time before Android smartphones get patched. According to Drake, only about 50 percent of phones will ever get the update.
Unlike the iPhone, which only has one manufacturer, Apple, to deal with, Android smartphone updates are trickier, because each manufacturer has its own way in dealing with updates and patches.
So how can Android users protect themselves? First, since Hangouts seems to have more of a vulnerability, stop using that app. If you see a text message come in from an unknown number, don't look at it and delete it immediately.
Via: Gizmodo
Photo: Jeff Blackler | Flickr