Petronella Blog Archive

Visit our New Blog

How to Hack an Android with a Text Message

Blog Post

About 950 million Android phones and tablets can be hacked using a specific text message.

The vulnerability lies in Stagefright, an Android code library that processes commonly-used media files.  A hacker can send a message using specially-modified multimedia message, which then executes malicious code without the device's owner having to do a thing.  The message itself can even be deleted before you read it, leaving you with nothing but a notification.  This vulnerability can leave your phone compromised without you knowing anything has happened at all.

Texting is not the only way to exploit the phones and tablets.  Clicking a link to an infected website can yield the same results.

Just about every device using Android is susceptible to this attack, especially those running Jellybean (version 4.3) or older operating systems.  The only phone known to not be fully vulnerable is the Google Nexus 6, and even that isn't immune to all Stagefright attacks.  Making this even harder to protect against, each manufacturer needs to release their own patches.

Interestingly enough, all versions of the Firefox browser prior to version 38 are also vulnerable to the Stagefright attack, except on Linux systems.  

Fortunately, it doesn't appear that this vulnerability is being actively exploited... yet.  That's good news, because the only thing Android users can do right now is to wait until patches are released to shore up the security on their devices.