A Single Text Can Hack 950 Million Android Phones

According to a report by Forbes, six critical vulnerabilities have left 95% of Android devices open to an attack delivered by a simple multimedia text, as pointed out by mobile security expert Joshua Drake of Zimperium zLabs. The researcher warns that in some cases, where phones parse the attack code before the message is opened, the exploits are silent and the user would have little chance of defending their data.


Dubbed “the worst Android flaws ever uncovered”, these vulnerabilities haven’t been fixed by most manufacturers, even though they were first reported back in April and Google has already sent out patches to its partners. “All devices should be assumed to be vulnerable,” Drake, vice president of platform research and exploitation at Zimperium, said. According to him, as many as 950 million Android phones could be affected, with the exception of phones that are still on Android version 2.2 or below.

“The weaknesses reside in Stagefright, a media playback tool in Android. They are all ‘remote code execution’ bugs, allowing malicious hackers to infiltrate devices and exfiltrate private data. All attackers would need to send out exploits would be mobile phone numbers, Drake noted. From there, they could send an exploit packaged in a Stagefright multimedia message (MMS), which would let them write code to the device and steal data from sections of the phone that can be reached with Stagefright’s permissions.”

To read more about how the hack works, hit up the source article.

“Technology runs through my veins...” | Follow me: @DrUsmanQ usman@iPhoneinCanada.ca

  • Olivier

    Will the mainstream media talk about this on the news? Of course not, because it’s on Android. When a similar flaw was discovered on iOS, everybody was talking about it.

  • Pretty much. Hard to release updates when carriers need to test them with so many devices, etc.

  • Fiddlesticks

    I echo Olivier’s sentiment. Had this happened with iOS devices, like that “effective power” text message in Arabic, crashing all devices, it’d be on the front page of all tech websites. But since this is Android, it isn’t as important. Meh.

  • Yeah, it’s best this is all hush-hush. An update today won’t hit most phones til Christmas unless they’re on a Nexus device.