Joshua Drake, a researcher from the security firm Zimperium, just stumbled upon what could have been a monumental security problem for millions of Android users. According to BGR News, Drake discovered that hackers could compromise an Android device using just an MMS message or a multimedia file. Due to flaws in Android’s media software, BGR reports that hackers would gain access to a user’s camera and external storage once the device has been infected. Incredibly, hackers could even gain “root access” to some devices’ operating systems, allowing the hacker to act as the administrator of the device.
This vulnerability is particularly worrisome because an unwitting user could fall victim without doing anything at all. According to BGR, “[b]ecause the software framework in question is used for processing all types of media content, handsets can even be infected upon landing on a webpage with embedded video content.”
Drake told Forbes that in his testing of the Messenger application that the virus is not triggered automatically,“but if you look at the MMS, it triggers, you don’t have to try to play the media or anything, you just have to look at it.”
Thankfully, Drake has already developed a patch for the exploit, and Google has applied it to its internal code base. But new Android updates take time to trickle down to the many millions of devices already out in the hands of consumers. Worse still, people with older Android devices that are no longer eligible for software updates, as well as users with Android handsets from makers who aren’t “official Google partners,” won’t have access to the patch at all.
The extent of this security issue raises the awkward question of how many other unknown risks exist for Android users that have yet to be discovered.
For more information about how to protect yourself from Android hackers, visit WonderHowTo’s page on Android Gadget Hacks.