You can hack an Android device with a text message

This single flaw will affect 950 million phones globally

Android logo

This is likely the biggest smartphone flaw ever discovered. It affects an estimated 950 million phones worldwide -- about 95% of the Androids in use today, CNN Money reports.

The flaw is in how Android phones analyze incoming text messages. Even before you open a message, the phone automatically processes incoming media files -- including pictures, audio or video. That means a malware-laden file can start infecting the phone as soon as it's received, even before you open the message. Zimperium, a cybersecurity company that specializes in mobile devices, confirmed this.

This flaw is very similar to the recent Apple text hack.

But in that case, a text message with just the right characters could freeze an iPhone or force it to restart. The Android flaw on the other hand is worse, because a hacker could gain complete control of the phone: wiping the device, accessing apps or secretly turning on the camera.

In a statement, Google acknowledged the flaw. It assured that Android has ways of limiting a hacker's access to separate apps and phone functions. Yet hackers have been able to overcome these limitations in the past.

The bug affects any phone using Android software made in the last five years, according to Zimperium. That includes devices running Android's Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat and Lollipop iterations (Google names its Android versions alphabetically after desserts).

Zimperium said it warned Google about the flaw on April 9 and even provided a fix. The company claims Google responded the very next day, assuring a patch would be shared with customers in the future.

Typically, in these situations, companies are given a 90-day grace period to issue a fix. It's a rule even Google abides by when it finds flaws in others' software.

But it's been 109 days, and a fix still isn't largely available. That's why Zimperium is now going public with the news.

Google said it already sent a fix to its "partners." However, it's unclear if any of them have started pushing that out to users themselves.

For that very reason, Google recently provided updates for its Nexus phones before any other.

This could be a test case that shows why it's so important to receive updates quickly.

Chris Wysopal is a longtime hacker and now an executive at cybersecurity firm Veracode.

"I'm interested to see if Google comes up with a way to update devices remotely," he said. "Unless they can do that, we have a big disaster on our hands."

JOIN OUR PULSE COMMUNITY!

Eyewitness? Submit your stories now via social or:

Email: eyewitness@pulse.ng

Recommended articles

Edwin Clark calls for national dialogue on insecurity

PDP governors task revenue generating agencies on transparency

VP Osinbajo says Nigeria needs unifying, proactive leaders

Osinbajo urges counter narratives to superstitious beliefs about albinism

Sanwo-Olu inaugurates 110-bed Maternal, Child Centre in Epe

Osinbajo helps launch NGO founded by Kemi Adeosun, ex-minister who resigned for forgery

My people can't sleep because of gunshots - Emir of Zazzau cries for help

Lawmaker laments killing of 12 persons by gunmen in Plateau

Ohanaeze Ndigbo insists on zoning of Anambra governorship seat