Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

AP Photo/Jeff Chiu

Android phones have a serious flaw that could allow hackers in with one text

And as many as 950 million Android phones could be affected by it.

ANDROID PHONES MAY be vulnerable to a security flaw which could allow attackers into your phone through a single text.

According to Zimperium zLabs, the flaw doesn’t even require the user to open the text message to take effect.

The weakness is found in Stagefright, a media playback tool in Android, and as many as 950 million Android phones could be affected, according to Forbes.

The issue lies with Google Hangouts, which acts as the default SMS messenger for your phone. Since it automatically processes video received so it’s ready in your phone’s gallery, the malware enters your phone without requiring you to open up the text.

All an attacker needs to do is create a short video, hide the malware inside and text it to your number. There have been no instances of this flaw being exploited as of yet (if you can’t make out the image below, click here).

Cat1-1024x534 How the security flaw works. Zimperium Zimperium

Joshua Drake, a security researcher with Zimperium, told NPR he shared his findings with Google in April and May, and sent over patches to help fix the bugs. Google applied the patches to its internal code branches within 48 hours.

However, the length of time it takes for an upgrade to Android to reach all phones takes a long time as it’s not in Google’s hands. Drake estimates that as few as 20% of Android phones will get fixed, with an optimistic number reaching 50%. Part of the reason behind that estimate is that devices that are 18 months or older are unlikely to receive an update.

It’s better to assume your phone hasn’t been patched yet so to avoid this, it’s best to avoid using Hangouts entirely and change to a different SMS app like your phone’s default messenger app. Even then, you should be careful about the type of text messages you view, especially if it’s from an unfamiliar number.

If you have to rely on Hangouts, you can disable auto-retrieve MMS by going into settings > SMS and finding the option under the advanced submenu and untick it.

If you’re one of the few people who has an Android phone with version 2.2 or older, you’re safe.

This isn’t the first time a text message created problems for smartphones. Back in May, Apple’s iOS system had a problem which let you crash an iPhone by sending it a specific text.

Read: Is Twitter really taking down stolen jokes because of copyright infringement? >

Read: This monitor wants to wirelessly charge your phone while you work >

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
21 Comments
    Install the app to use these features.
    Mute Rebecca O'Brien
    Favourite Rebecca O'Brien
    Report
    Jul 27th 2015, 6:34 PM

    there had been no instances of this flaw being used – but thanks to the journal you have provided more with a step by step directions on how to hack into phones… Cheers

    142
    Install the app to use these features.
    Mute Cian Geoghegan
    Favourite Cian Geoghegan
    Report
    Jul 27th 2015, 6:41 PM

    To be far someone I doubt someone with the knowledge to use such a backdoor for malicious purposes is going to have found out about a backdoor via of the journal.

    70
    Install the app to use these features.
    Mute Alan White
    Favourite Alan White
    Report
    Jul 27th 2015, 6:42 PM

    Publicity means the issue will be sorted quicker. The reason there’s no instances reported may be because people were unaware they were being hacked. Now they can be vigilant. Hackers already know this flaw if it’s made it to mainstream media, trust me.

    33
    See 1 more reply ▾
    Install the app to use these features.
    Mute Cian Geoghegan
    Favourite Cian Geoghegan
    Report
    Jul 27th 2015, 6:43 PM

    And to be fair about the start of that comment it’s Monday.

    13
    Install the app to use these features.
    Mute Conor Power
    Favourite Conor Power
    Report
    Jul 27th 2015, 6:37 PM

    Don’t know anyone who would use hangouts for SMS its a wreck head for this.

    112
    Install the app to use these features.
    Mute Enda Cusack
    Favourite Enda Cusack
    Report
    Jul 27th 2015, 6:33 PM

    This vulnerability has been known for a while now

    81
    Install the app to use these features.
    Mute Emma Murphy
    Favourite Emma Murphy
    Report
    Jul 27th 2015, 6:53 PM

    That’s what you get for choosing android over apple.

    39
    Install the app to use these features.
    Mute Mark Malone
    Favourite Mark Malone
    Report
    Jul 27th 2015, 7:22 PM

    I’m still uncertain as to whether or not Emma is a troll or a simpleton.

    I’m leaning towards troll.

    262
    See 6 more replies ▾
    Install the app to use these features.
    Mute Richard Cheney
    Favourite Richard Cheney
    Report
    Jul 27th 2015, 7:31 PM

    Watch out for the hipster Android fanboys Emma!

    18
    Install the app to use these features.
    Mute Paul Roche
    Favourite Paul Roche
    Report
    Jul 27th 2015, 7:33 PM

    Lean away Mark,
    No system is going to be 100% secure, but some are better than others. You cannot fix stupid.
    Sent from my iPhone.

    18
    Install the app to use these features.
    Mute Brendan McGill
    Favourite Brendan McGill
    Report
    Jul 27th 2015, 8:09 PM

    What if Hangouts isn’t your default sms app?

    42
    Install the app to use these features.
    Mute Mary Kavanagh
    Favourite Mary Kavanagh
    Report
    Jul 28th 2015, 5:23 PM

    If I’m not mistaken Apple have a few flaws as well.

    1
    Install the app to use these features.
    Mute ULTRON
    Favourite ULTRON
    Report
    Jul 28th 2015, 7:02 PM

    Than you’re most likely safe. The title should say ‘Google Hangouts has a serious flaw that could allow hackers in with one text’.

    1
    Install the app to use these features.
    Mute ULTRON
    Favourite ULTRON
    Report
    Jul 28th 2015, 7:18 PM

    That you are safe, as the exploit only affects Hangouts so the article title is a bit misleading

    1
    Install the app to use these features.
    Mute Kane Abel
    Favourite Kane Abel
    Report
    Jul 27th 2015, 7:21 PM

    Oooh, what does this text say then? I am being the King of Nigeria, please give me unrestricted root access to your phone?

    21
    Install the app to use these features.
    Mute Richard Cheney
    Favourite Richard Cheney
    Report
    Jul 27th 2015, 6:58 PM

    Why am I not surprised? When are people going to wake up to the Android scam and switch to the safety of the iPhone.

    18
    Install the app to use these features.
    Mute John R
    Favourite John R
    Report
    Jul 28th 2015, 8:16 AM

    Sean bluntly that’s a silly comment. Nothing is 100% secure so your advice is use whatever phone you want ? Some phones are more secure than others. iPhones are more secure than Androids. Partly this is basic design. Android was originally designed as an open system. But mainly it is because a large proportion of Android users do not update to the latest more secure software version. There are numerous reasons for this but essentially the Android market is fragmented among many different phone manufacturers. Apple on the other hand is a single monolith. Finally Google owns the Android system which is designed to facilitate the mining of your data so that advertising can be sold. That is how Google make their money. Apple on the other hand make their money from their hardware.apple is safer but as many people don’t like it they use other systems. Fair enough. Everything is a trade off.

    1
    Install the app to use these features.
    Mute Mary Kavanagh
    Favourite Mary Kavanagh
    Report
    Jul 27th 2015, 6:37 PM

    I have the Messages app that was on my SGS5 when I got it. I use Text Secure as my default app. Can I delete Hangouts as I never use it? Tia, Quinton.

    15
    Install the app to use these features.
    Mute Conor Power
    Favourite Conor Power
    Report
    Jul 27th 2015, 6:38 PM

    You should be able to delete hangouts but you are not at risk if it is not your default SMS app

    16
    Install the app to use these features.
    Mute Brian Ó Dálaigh
    Favourite Brian Ó Dálaigh
    Report
    Jul 27th 2015, 6:48 PM

    No, you can’t delete Hangouts (well, it may be possible by rooting the phone). However, you can disable it by going to Settings->Apps->Hangouts and then selecting Disable

    14
    See 1 more reply ▾
    Install the app to use these features.
    Mute Mary Kavanagh
    Favourite Mary Kavanagh
    Report
    Jul 28th 2015, 5:23 PM

    Thanks for that, both of you!

    1
Submit a report
Please help us understand how this comment violates our community guidelines.
Thank you for the feedback
Your feedback has been sent to our team for review.
JournalTv
News in 60 seconds