According to a report by Forbes, six critical vulnerabilities have left 95% of Android devices open to an attack delivered by a simple multimedia text, as pointed out by mobile security expert Joshua Drake from Zimperium zLabs. The researcher warns that in some cases, where phones parse the attack code prior to the message being opened, the exploits are silent and the user would have little chance of defending their data.
Dubbed “the worst Android flaws ever uncovered”, these vulnerabilities haven’t been fixed by most manufacturers, even though they were first reported back in April and Google has already sent out patches to its partners. “All devices should be assumed to be vulnerable,” Drake, vice president of platform research and exploitation at Zimperium, said. According to him, as many as 950 million Android phones could be affected, except for those phones that are still on Android version 2.2 or below.
“The weaknesses reside in Stagefright, a media playback tool in Android. They are all ‘remote code execution’ bugs, allowing malicious hackers to infiltrate devices and exfiltrate private data. All attackers would need to send out exploits would be mobile phone numbers, Drake noted. From there, they could send an exploit packaged in a Stagefright multimedia message (MMS), which would let them write code to the device and steal data from sections of the phone that can be reached with Stagefright’s permissions.”
To read more about how the hack works, hit up the source article.