Hackers can do plenty of things to your phone if you purposefully open attachments or install unapproved third-party applications. But what if you don’t do any of that? What if you think you’re just a regular user who doesn’t attract that kind of attack? Turns out you’re still at risk, at least according to a new report from NPR, which spoke with a security researcher who discovered a new flaw that can affect anyone.
According to Joshua Drake, the co-author of Android Hacker’s Handbook, Android has a major security flaw in which attackers can send a malicious video file through Hangouts or MMS and attack your phone. You don’t even have to play the video to give hackers access to everything including your data, microphone, camera and more.
It reminds us of that iOS bug that crashed iPhones, but it’s much more nefarious.
“[The attack] happens even before the sound that you’ve received a message has even occurred,” Drake explained to NPR. “That’s what makes it so dangerous. It could be absolutely silent. you may not even see anything.” Drake is explaining the process by which a hacker would send a video via Hangouts, but it still works through MMS — though you’d have to open the message — not the actual video file — the open your device to the threat.
Drake said he told Google about the exploit and even provided a fix, but he explained to NPR that Android’s infrequent patches — we all know how long it takes for a manufacturer to issue a fix, let alone a carrier to approve one — will result in fewer than 20 percent of Android devices getting the patch.
Our advice: beware of who you accept messages from on Hangouts and don’t open text messages from numbers you don’t recognize.