A new threat of hacking smartphones running on the Android operating system threatens from a banal MMS message. Zimperium’s mobile security experts have discovered yet another OS vulnerability that lies in the Android kernel component responsible for working with multimedia files. The hacker only needs to know the phone number of the victim. A sent message containing specially composed code can independently get to the system. Users do not even have to run an infected file. The vulnerable component is used to automatically generate thumbnails, extract video and audio metadata.
Simply get the infected file via MMS or copy it inside the file system.
In the first case, the user will not even understand how his device was hacked, because MMS can arrive at night in silent mode, and the malicious code will delete any mention of the message.
Specialists not only revealed the vulnerability, but also created patches to close it. But the problem is that Anroid update is very slow, and therefore 95% of devices with this operating system are still at risk. The most vulnerable are smartphones and tablets that run on Android 4.3 and below, since they lack certain protective mechanisms against this type of attack, which appeared in future versions of Android.