All attackers need is your mobile number to send you a text, according Zimperium Mobile Security, and they can virtually take over your phone. That’s because if you’re one of the 950 million Android users on phones and tablets, your device uses a code library called ‘Stagefright’ which has a vulnerability. It’s possible users won’t even see the message that’s sent (a “specially modified MMS format message”) but only the alert, and the hackers will be in. Worse, users won’t know their phone has been compromised.
Josh Drake, the Zimperium VP who discovered the vulnerability in Stagefright, will present his research at two conferences in the coming weeks, beginning with Black Hat USA on August 5. Google has already applied patches submitted by Zimperium, but Zimperium says there is far more work to be done. Zimperium advises: “If you’re an end user or enterprise, contact your device manufacturer and/or carrier to ascertain whether or not your particular device has been updated the requisite patches.”