Majority Of Android Phones At Risk Via MMS Threat
The issue lies with Stagefright, a media library, with Zimperium stating Android and derivative devices after and including version 2.2 are vulnerable, exposing 95 per cent of Android devices.
According to Zimperium, attackers only need the user’s mobile number, with which they can remotely execute a code via a specially crafted media file delivered via MMS.
“A fully weaponised successful attack could even delete the message before you see it,” Zimperium states via its blog. “You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited.
“Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.”
Zimperium noted that Google acted promptly once it had reported the problem, applying patches to internal code branches within 48 hours, however added that “unfortunately that’s only the beginning of what will be a very lengthy process of update deployment”.
Zimperium recommends users contact their device manufacturer and/or carrier to find out whether their device has been updated with the requisite patches.