Flaw in Android Allows Hackers to Break in and Control Your Smartphone With a Text Message

Shutdown Android Devices
A flaw in Android can allow hackers to break in and take control of your smartphone.

A simple test message or an SMS could allow a hacker to break in and ultimately take full control of your Android-powered smartphones because of a flaw in the world's most popular operating system, warned San Francisco-based mobile security firm Zimperium.

"Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS," Ziperium said in a blog posted on its web site. A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual - with a trojaned phone,"

Zimperium identified the Android called "Stagefright" at the heart of the problem. The mobile security firms Stagefright allows for automatic pre-load of video snippets attached to messages that hastens download of video clips.

Zimperium researcher Joshua Drake said that the issues in Stagefright is "the worst Android vulnerabilities discovered to date" as it exposes some 95% of Android-powered devices, estimated to be around 950 million devices.

With this Android flaw, hackers can exploit device's vulnerability by hiding a malicious code in video files and can activate it even if the user does not open or reads the message. The hacker can then take full control of the smartphone, Zimperium reiterated.

"The targets for this kind of attack can be anyone," Zimperium said and added, "These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited."

Zimperim said Drake's findings would be presented at Black Hat USA on August 5 and DEF CON 23 on August 7. It added that Stagefright exposes an Androide device "to multiple remote code execution vulnerabilities that can be exploited using various methods, the worst of which requires no user-interaction."

Fortunately, Zimperium said it reported the issue to Google and provided the portal giant with patches to resolve the problem and prevent hackers from breaching into Android devices.

The company further stated, "In this unique scenario, Zimperium not only reported the vulnerability to the Google teams, but also submitted patches. Considering severity of the problem, Google acted promptly and applied the patches to internal code branches within 48 hours, but unfortunately that's only the beginning of what will be a very lengthy process of update deployment."

Zimperium added that hackers may have not yet discovered this particular flaw in the Android system and has not taken advantage of the Stagefright vulnerability.

    Most Popular
  • Is 'The Last Supper' worth watching? Audience and critics weigh in

    Is 'The Last Supper' worth watching? Audience and critics weigh in

    Faith-based films often receive mixed reactions, and The Last Supper is no exception. The movie attempts to bring a fresh perspective to one of the most iconic moments in Christian history, but does it succeed? Some reviews from critics and audiences provide insight into its strengths and shortcomings.

  • ‘The Chosen’ Season 5: The darkest season yet—What to know before watching

    The wait is over—The Chosen is back with its fifth season, and this time, things are getting intense. The new episodes dive straight into the final days of Jesus’ life, covering some of the most emotional and dramatic moments in the Bible. If you’ve been following the series, you already know that The Chosen isn’t just about retelling familiar stories—it’s about bringing them to life in a way that feels real.

  • Massacres in Syria: Over 1,000 dead, including Christians and Alawites

    Syria’s coastal regions have been devastated by a series of massacres, with reports indicating that over 1,000 people—many from Christian and Alawite communities—have been killed in brutal attacks. Entire families have been wiped out, and survivors are fleeing in search of safety as sectarian violence escalates.

  • Kim Sae-ron and Wheesung: The tragic irony of Korean society and the principles of happiness

    Not long ago, the media was in an uproar over actress Kim Sae-ron’s passing. Just months before, the same people who had relentlessly criticized her for her DUI incident were now expressing sympathy, saying, "The world was too harsh on her." The irony is impossible to ignore.

  • Newsboys move forward as a quartet after Michael Tait’s departure

    After more than a decade as the lead singer of the Newsboys, Michael Tait has officially parted ways with the band, marking a significant shift in the Christian rock group’s lineup. The remaining members—Jeff Frankenstein, Jody Davis, Duncan Phillips, and Adam Agee—have assured fans that they will continue forward, embracing a new season of music and ministry.