A team of mobile security experts at research firm Zimperium have recently discovered an exploit in Android that could let hackers gain access to your mobile device much easier than you’d think. Normally when reports surface regarding Android malware or security flaws, the user would need to either download the affected application or file for the exploit to reach their devices. However, that might not be the case with this recent finding.
According to Joshua Drake, security researcher at Zimperium, here’s how it would work: a hacker creates a malware-laden video, sends you the file through MMS, and that’s it. Depending on which messaging application you’re using, the video could trigger the vulnerability right away. For instance, Hangouts processes videos instantly which allows users to view the media content right away, no waiting required. For most stock text messaging apps, though, you’d need to open the message and play the video in order for the hackery to take place. When talking about messaging apps, Drake notes that “it does not require in either case for the targeted user to have to play back the media at all”.
For the most part, details on the exploit are being withheld from the public until Zimperium’s BlackHat even in Las Vegas next week. We’ll know more specifics on the exploit itself when that event takes place.
Drake sent in security patches to Google when he uncovered the exploit back in April
Just because these devices are potentially at risk, doesn’t mean the attack will be 100% successful, though. Google tells Forbes, “Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device”.
At this time it’s not clear as to which manufacturers will send out security fixes to their devices, if at all.