You’d think that with a name like that, you’d be safe, would you not? But it turns out, Android phones are easily hackable through MMS messages containing a certain type of video file. Through this hack, anyone who has your phone number can essentially get a hold of your phone. Literally.
The project implies sending encrypted command codes which can trigger specific functions on your phone. Hackers could easily take a selfie (which would not technically be a selfie anymore) of you. If you don’t remember, MMS stands for multimedia messages, and implies sending images or videos restricted to a certain size via the instant messaging service offered by your cellular provider.
Of course, to do this, you have the exploit the coding of Google’s Android to the limit. But it works. It was discovered by Joshua Drake, the vice president of Zimperium, a mobile security firm which specializes in finding inherent flaws in mobile devices across all platforms and exploiting them. Why do they do this?
Well, there’s a catch. Would you rather the hackers do and not tell anyone, or Zimperium, or other companies like them, and immediately make a case about it which would probably prompt the makers of the OS to upgrade its security? In the former case, nobody would know that people are able to search through your phone freely.
The Stagefright component of Android is the culprit here. Its function is related to multimedia files received in messages. When you get a video MMS, you have to click it, download the video in your preinstalled browser, and then play it through the phone’s default player. Now, if the video were to be specifically designed to hack your phone, this would trigger a specific set of commands letting he who sent the message control our phone.
The example that Drake gives is that supposedly someone sends you one of these messages at night. You don’t even need to see the message. If it’s automatically downloaded (as most phones do) than he will have access. He can subsequently silence your ringtone, and then delete the message. When you wake up and realize it’s 10 AM and you’re late for work, you’ll see your phone is on silent, and won’t know why.
Pretty frightening, isn’t it? Apparently, the possibilities are endless for the hacker, once the message has been downloaded into your phone. No matter what Android phone.
Google has proceeded to thank Joshua Drake for the notification, and has already sent all its official partners patches so as to fix this problem. Have you received yours?
Image source: staticworld.net