The best defense against any of your gadgets becoming flooded with malware has always been personal vigilance. “Hmm, this app looks sketchy and is from a third-party app store I’ve never heard of. NOPE!” But a new vulnerability, discovered by security experts at Zimperium, can attack your phone with just a text.
According to Zimperium researcher Joshua Drake via NPR, here’s how this scary bit of malicious hacking happens:
The bad guy creates a short video, hides the malware inside it and texts it to your number. As soon as it’s received by the phone, Drake says, “it does its initial processing, which triggers the vulnerability.
The real culprit here is our endless thirst for convenience and Hangouts, Google’s SMS alternative. Because Hangouts automatically processes video so it’s ready in your gallery, the malicious code enters your phone without you even clicking on the text. So essentially, you receive one malicious text and your smartphone turns against you.
Zimperium says Google’s done a good job implementing fixes over the last few months, but this scenario is why Android’s open ecosystem can be more of a curse than a blessing. Even if patches this lapse in security, that’s only going to reach so many people. According to Drake, that’s only 20 percent. Others will have to deal with the annoying shitstorm that is waiting for updates through manufacturers and carriers.
If you’re really worried about your smartphone being a ticking time bomb ready to explode at the whim of some hacker, stop using Hangouts. Most other texting apps won’t immediately download a video until you open the text. So it’s still risky, but at least you can see an unknown number and delete without worry. The only good news from all of this is that the use of this vulnerability hasn’t been seen out in the wild yet, so here’s hoping that 950 million Android phones can get patched before this becomes a serious problem.
For almost a decade, not being a dumb, gullible, internet idiot was enough to save you from most nasty software out there, but now it can be delivered right to your digital doorstep—and there isn’t much you can do about it.
[NPR]
Photo by Michael Hession