Android phones can be hacked with text that does not even to be opened, according to a mobile security company.
Researchers at Zimperium have dubbed the attack “Stagefright” and claimed it could access 95 per cent of Android devices, an estimated 950 million around the world, although Google said no one had been affected.
Joshua Drake, the vice president of platform research and exploitation, said that a target’s mobile number is the only thing needed to launch the hack, which could theoretically hit anyone from government officials to company executives.
Stagefright arrives in a modified file delivered in an unremarkable MMS, which can bypass Android security to execute remote code and potentially allow access to files, storage, cameras and microphones.Zimperium took these screenshots were taken on a Nexus 5 (hammerhead) running the latest version, Android Lollipop 5.1.1
Unlike phishing attacks, the user does not need to open the file for it to take effect and may not even notice it.
“A fully weaponised successful attack could even delete the message before you see it,” Mr Drake wrote.
“You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited.
“This vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.”Google played down the risk, saying no one was known to have been affected
Zimperium found that devices running Android versions 2.2 (Froyo) are after are vulnerable, especially those using anything older than 2012’s Jelly Bean (4.1).
Android, the software platform for mobile devices based on the Linux, was developed by Google and the Open Handset Alliance.
Google has already released a patch to protect devices and plans to release more safeguards for its Nexus devices starting next week.
Zimperium also offers a fix and users of the privacy-focused Blackphone and Mozilla Firefox are protected.