In the latest software bug news, Android users should make sure they’re protected after researchers at Zimperium zLabs discovered a flaw in the Android OS that they say could be the worst ever to hit Android devices. The reason this one is so dangerous: you don’t have to open the malware-ridden attachment to be compromised.
And while Google has been aware of the flaw since April and even coded a patch to fix the problem, according to Forbes, lead researcher Joshua Drake believes that some manufacturers and carriers have yet to offer the fix to everyone. Are you at risk?
The Problem
A hacker merely needs to send a simple text message in order to take control. That text message contains an attachment riddled with malware, and you don’t even have to open the attachment. It’s a remote MMS attack that takes advantage of six vulnerabilities in Android OS 2.2 and later.
And it doesn’t even matter if you view the text message or not, depending on which chat client you use. Hangouts, for example, will decipher the code before you even know you’ve received it. Furthermore, the message could also be deleted before the user was even alerted that the message was there, leaving you scratching your head after the attack takes place. It is estimated that 950 million using Android are at risk, according to Drake.
In testing with Messenger, the default messaging app on a Galaxy Nexus running Ice Cream Sandwich, the phone isn’t infected immediately on receipt, but if you open the message with the infected attachment, it will do its damage. You don’t need to open the attachment itself; merely looking at the message is enough.
Should You Worry?
So just how serious is the risk with this security flaw? Researchers say that they don’t believe this has been used as of yet. However, it is the largest flaw ever found in Android history. The fact that Google has made a fix isn’t really consolation -- Google isn’t the party responsible for getting the fix to Android users. That’s up to carriers and phone manufacturers, tasked with pushing the fix to you directly. The problem here lies in the fact it’s impossible to say which devices are at risk and which ones aren’t.
Google responded immediately to vulnerability reports provided by Drake, stating that patches were in the works and would be rolled out with a future release. The company thanked Drake for discovering the weaknesses.
The best way to determine if you are at risk is to just assume you are. Forbes attempted to determine which companies have pushed out the patches and which haven’t, but none of them responded. Drake ensured that manufacturers and carriers have been urged to deal with these matters immediately, but we all know how that can go. Google reassures consumers by pointing out the newer Android devices were developed with technologies to make exploitation as difficult as humanly possible.
To protect yourself, be sure to update your OS and install new versions as soon as they are released and become available.