Android phones have a critical flaw which can be exploited via a simple media message. According to reports over 95% of Android phones are vulnerable.
Security researchers at Zimperium zLab discovered a fault in the Android OS that will let attackers take control of your Android device via a malware-laden MMS.
While the exploit affects over 95% of Android phones, devices running Android 4.2 (Jelly Bean) and below are much easier to hack.
The fearful bit is that you might not have to do anything at all to get exploited via this method.
If you use the stock messenger app that comes with all Android phones and devices you are at a controlled risk, as you will not be hacked unless and until the video is played.
Whereas if your messages are handled ‘hangouts’ then the pre-processing option for media attachments might just trigger the malware and you will get hacked before you know what hit (or in this case, MMS-ed) you.
Google is fully aware of this issue and has already made a patch available. However whether or not you are going to get is up to the manufacturers and network operators.
Zimperium has informed that the Nexus 6 and the Black phone are already safe from this form of exploitation and other Nexus devices are also likely to join the boat.
But devices from third-party manufacturers like Samsung, HTC, Motorola are all on the vulnerable side.
It’s totally unclear whether or not these companies will be rolling out the update in a timely manner. Also depending on the launch of the device, the manufacturer might have ended support for the update.
The best option now is to avoid MMS from any unknown places and disable all pre-processing options from all apps or to delete any app that can pre-process MMSes.