media logos

New Android Vulnerability Found

android

I am a huge Android fan. I mean, I admit that iPhones are pretty great devices, but I’ll always prefer an Android over an iPhone. While together Android and iPhone take probably more than 90% of the smartphone market, generally speaking, Android tends to have a slightly higher adoption than iPhone and tends to take the market share. So, for all of you Android users out there, today I wanted to make everyone aware of a new android flaw that was recently discovered.

Researchers recently discovered a gap in the messaging software of most Android phones running an OS higher than 2.2 which will allow hackers to download malicious software on your device without you even knowing. The malicious code is transferred to users via a video text message and can be downloaded before you even hear the notification sound. You don’t even have to open the message, most of the time. The danger is much higher if users utilize Google Hangouts instead of the default messaging app, but there is a risk to just about everyone.

According to the documents I scanned, the malicious software would allow hackers to access data on your device as well as control both the camera and microphone and a host of other settings.

NPR reported recently on the flaw at length and says that several phone developers including HTC, Silent Circle, HTC and Google have all accepted the patch and have either pushed it to users or plan to soon. T-Mobile, as well, has publicly committed to users that it will work towards getting this hole patched before it becomes a problem..

This is a good news/bad news situation though. We’ll start with the bad news.

The bad news is while other developers are working on fixes, presumably, there is a good chance that older devices might not get the patch quickly as some phone developers and wireless companies are notoriously slow about updates. Both NPR and the original researcher who discovered the hole have all said that it is unlikely that the security breach has been utilized as much as it could be.

The good news is that if you have a newer version of Android (4.4 or higher) there is a way to minimize the risk of the malicious code being downloaded without your knowledge simply by changing the settings in your messaging app. Here are the steps:

  1. Open the Messenger app
  2. Click the three dots in the upper right hand corner, then Settings
  3. Tap Multimedia Messages
  4. Uncheck the box that says Auto-retrieve.

With that box unchecked, you’ll have to manually open all of your picture and video messages which will take a little longer… however, it will help reduce the chance of your phone becoming infected should you receive one of these messages before your carrier pushes an update. If you’re using Google Hangouts, the process should be similar.