How to Hack Android Phone | Part - 2
Own an Android phone? Beware, Your Android smartphones can be hacked by just a malformed text message.
Security researchers have found that 95% of Android devices running version 2.2 to 5.1 of operating system, which includes Lollipop and KitKat, are vulnerable to a security bug, affecting more than 950 Million Android smartphones and tablets.
Almost all Android smart devices available today are open to attack that could allow hackers to access the vulnerable device without the owners being aware of it, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium.
The vulnerability actually resides in a core Android component called "Stagefright," a multimedia playback library used by Android to process, record and play multimedia files such as PDFs.
A Text Message Received...Your Game is Over
The sad news for most of the Android users is that the fix will not help Millions of Android users that owned older versions of the operating system that Google no longer supports, opening doors for hackers to perform Stagefright attack.
Drake has developed and published a scary exploit that uses a specially crafted text message using the multimedia message (MMS) format.
All a hacker needs is the phone number of the victim’s Android device. The hacker could then sends the malicious message that will surreptitiously execute malicious code on the vulnerable device with no end user action, no indication, nothing required.
Stagefright: Scary Code in the Heart of Android
The same vulnerability can also be exploited using other attack techniques, such as luring victims to malicious websites.
Almost all Android devices containing Stagefright are in question. According to Drake, all versions of Android devices after and including version 2.2 of the operating system are potentially vulnerable, and it is up to each device manufacturer to patch the devices against Stagefright attack.
When will I expect a Fix?
Google has patched the code and sent it to device manufacturers, but devices require over-the-air updates from companies such as Samsung or Motorola to update their customers' phones.
Given the shaky history of handset manufacturers and carriers rolling out security patches, it is not known how long the companies will take to update vulnerable Android devices against Stagefright attack.