Nightmare Android flaw lets a single text hack millions of phones

Beware the latest Android malware.

Beware the latest Android flaw.

Security researchers have discovered yet another nightmare Android flaw that allows hackers to gain access to your device with just a text message. The flaw affects around 95% of devices running Android 2.2 through 5.1.

Discovered by Zimperium, the “Stagefright” vulnerability is within Android’s media library, and it gives hackers access to your device when it received a malicious MMS. Once inside, they can obtain personal files and data, read your emails, and even access your microphone.

What’s most concerning is that this attack requires no input from the handset’s owner; there is no link to visit or file to install, you only need to receive the MMS message to be at risk. This means attackers could access your device without your knowledge and delete any evidence when they’re done. All they need is your phone number.

“This happens even before the sound that you’ve received a message has even occurred,” Joshua Drake, security researcher with Zimperium, told NPR. “That’s what makes it so dangerous. [It] could be absolutely silent. You may not even see anything.”

Part of the problem is Android apps like Hangouts, Google’s own messaging apps, which processes MMS messages and adds content to your gallery automatically. Messaging apps that do not do this make your device that little bit safer.

The good news is, Drake says that hackers out in the wild aren’t exploiting this flaw — at least not yet. What’s more, Google has already acknowledged it and has made fixing it a top priority, and it insists many of its partners have already rolled out a fix.