Critical vulnerabilities have been revealed that leave nearly all Android phones exposed to a simple text message that could be deleted before you ever see it.
Do you have any photos stored on your Android phone that you wouldn’t want plastered on the web for all time? If you have an Android phone, chances are excellent that your photos and videos are vulnerable, and all of your precautions as a security-savvy tech consumer can’t stop it.
Joshua Drake of Zimperium zLabs, which describes itself as an Advanced Mobile Threat Defense Company based in San Francisco, “discovered what we believe to be the worst Android vulnerabilities discovered to date.”
"Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone."
According to Zimperium, it not only notified Google of the problem but also provided the company with patches. Google applied those patches within 48 hours.
Unfortunately, the patches appear to have made it to very few phones in the hands of consumers. Silent Circle’s Blackphone has been patched.
Mozilla has also patched Firefox, which was affected by the vulnerability.
So, if you own an Android phone, what is your next step?
- Contact your carrier (Verizon, AT&T, etc.) and ask if your phone is patched. If not, ask whether they can apply the patch.
- Contact your phone’s manufacturer and ask if the patch has been deployed. If not, ask when it will be available.
- Remove sensitive photos and videos from your phone.