Android bug: MMS attack affects ‘one billion’ phones

Android phone users will do well to take note. A bug in the Android mobile operating system has been discovered by researchers, who say it affects nearly a billion devices.

The flaw, which affects phones running Android version 2.2 and higher, can be exploited by sending a photo or video message to a person’s Smartphone, without any action by the receiver. Said the researchers, who believe it was one of the worst Android vulnerabilities to date,

“These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited.”

Hackers were able to send malicious code with a multimedia message (or MMS) that could access a service within Android called Stagefright. After Stagefright had been invoked – which require no action from the victim, including opening the message – other data and apps on the handset could be accessed by the malicious code.

Click here to read about mobile updates announced by Google earlier this year.

Click here to read about unbreakable phone screens!

Said a security expert,

“On some devices, the privileges at which this runs means an attacker could access all kinds of content on your device or access resources such as the camera.”

Google has subsequently produced a patch to fix the problem. However, millions of devices currently remain unpatched because hardware manufacturers and mobile operators have to distribute updates to customers themselves – and customers can reject updates manually.

Have you updated your Android phone software lately?

(All images - credit: Wikimedia Commons under Creative Commons licence)