Android phones may be hacked with just a message
It’s the biggest smartphone flaw ever and affects about 950 million phones around the world — that’s about 95% of the Androids being used these days. According to CNN/Money, the problem stems from the way Android phones analyze incoming text messages. Even before you open a message, the phone automatically processes incoming media files — including pictures, audio or video. That means a malware-laden file can start infecting the phone as soon as it’s received, according to Zimperium, a cybersecurity company that specializes in mobile devices.
If this sounds familiar, that’s because this Android flaw is somewhat like the recent Apple text hack.
But in that case, a text message with just the right characters could freeze an iPhone or force it to restart. This Android flaw is worse, because a hacker could gain complete control of the phone: wiping the device, accessing apps or secretly turning on the camera.
In a statement to CNNMoney, Google acknowledged the flaw. It assured that Android has ways of limiting a hacker’s access to separate apps and phone functions. Yet hackers have been able to overcome these limitations in the past.
The bug affects any phone using Android software made in the last five years, according to Zimperium. That includes devices running Android’s Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat and Lollipop iterations (Google names its Android versions alphabetically after desserts).
Typically, in these situations, companies are given a 90-day grace period to issue a fix. It’s a rule even Google abides by when it finds flaws in others’ software.
But it’s been 109 days, and a fix still isn’t largely available. That’s why Zimperium is now going public with the news.
The issue now is how quickly Google will manage to fix this for everybody. While Apple can push out updates to all iPhones, Google can’t.
Google is notorious for having a fractured distribution system. Several entities stand in between Google and its users, and they routinely slow down the release of new software. There’s phone carriers — like AT&T and Verizon — and makers of physical devices — like Samsung — all of which need to work together to issue software updates.
One CommentLeave a Reply
As Microsoft says, this is a feature not a bug! Presporting elements of a complex “text” message is designed in but, as with so many features, that may not be the best way to do it. Far too often the developers think what else can they do to make their product better only to add things that either few users really need or that open the door to all kinds of misuse.
And with Google’s poorly controlled distribution system, fixing these problems becomes a problem itself. They should start requiring all the Android users implement the same OS code on their platforms, That would let them solve issues like this and others with a push update as easy as Apple does. The phone suppliers and carriers could distinguish their products and companies by first just making them work better, as in making more reliable phone calls. And second by giving users the OPTION of installing a company or carrier’s unique applications and exclusive feature sets on top of the OS rather than integrated into it.