Google Inc , is set on fixing one of the largest holes in its Android mobile OS after one white hat hacker figured out how to take control of a smart phone by simply sending a multimedia message. Joshua J. Drake informed Google of the exploit ahead of a conference this week, and Google will roll out an update for Nexus devices soon.
Mr. Drake will show off his Android Hack at the BlackHat conference on August 5 and the Defcon Conference on August 7. The exploit doesn’t really show a weakness in Android security. All platforms have bugs and loopholes that hackers can exploit. The fix, however, may show off some of the deeper problems in the Android world.
Hacking Android by text message
Mr. Drake, in a statement on the Android hack he discovered, said ” Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack could even delete the message before you see it.”
The big problem for users is that they don’t have to do anything wrong in order to be attacked by this method. A hacker can get to your phone, and a ghost MMS notification is the only warning you’ll will get. That’s not likely enough to inform users that their data might be open to someone other than Google, Samsung, and Facebook.
Mr. Drake will show off some of the method behind his hack in the next week at two major hacking events. Both will feature teams from around the world showing off the latest ways in which they’ve twisted and turned the software built by the world’s most successful companies.
Defcon, set to take place on August 7, will even feature a hacker who claims to have gotten deep inside the Tesla Motors Model S.
Google Inc , , like other software makers, is used to seeing massive holes in their software opened by hackers. Unlike other firms, however, Google is seen as responsible for a heap of software that it has little control over.
Google scrambles to fix Android
Google Inc , is set to take care of the problem discovered by Drake on its Nexus range of “pure” Android phones next week. The firm is going to have trouble getting a fix to most Android users.
In order to update the Android on phones from other OEMs, there are two major hurdles. The first is the OEM itself. Firms like Samsung have their own version of Android, and need to review and confirm an update before it’s rolled out.
The second is, in the US at least, carriers. The people that run the wireless firms also alter software on Google’s Android phones. They need to review and alter the updates before they pass them onto phones.
Jeremiah Grossman, founder and CTO of WhiteHat, said that “each Android handset manufacturer has to deploy their own patch, even though Google has already updated the main Android codebase to fix the issue.”
The MMS exploit, which is known as “Stagefright” has only one fix for those not using a Nexus device. Turn off MMS functions on your phone and hope that the OEM and carrier work out a fix sooner rather than later.