Android phones can be hacked with a text message that doesn’t even have to be opened, a security researcher said on Monday.
The vulnerability affects over 950 Android phones according to Joshua Drake, vice president of Zimperium, who have dubbed the attack “Stagefright”. Google however have said that no one had been affected.
The virus is sent via a MMS which is able to bypass Android’s security. It then executes a remote code allowing access to the user files and storage.
“A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual—with a trojaned phone.” Zimperium researchers said.
Mr Drake will present his research at a security conference called Black Hat next month.