Mobile Security researchers have announced the discovery of a new weakness in Android that allows attackers to take control by using the multimedia messaging system.
According to the Verge, the vulnerability called ‘Stagefright’ affects roughly 950 million Android devices worldwide, according to researcher estimates. But the most vulnerable devices are those running pre-Jelly Bean versions of Android. Google has released a patch for the vulnerability to manufacturers, but most have not yet pressed that update to customers.
Zimperium has not released all the details of the attack, but it appears to target how Android processes video, specifically in the phone’s MMS messaging capability. Hackers might take advantage of that vulnerability sending out malicious code hidden as a video message. Once it takes hold, an attacker would gain the power to execute code remotely, compromising the phone’s microphone, cameras or any number of other core functions. Also in some cases, a user would not even have to interact with the message in order for the code to execute.