Nearly 1 billion Android phones could be hacked with just a text message

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.
Nearly 950,000 million Android phones could be hijacked by a text message. (Getty Images)

Nearly 950,000 million Android phones could be hijacked by a text message. (Getty Images)

NEW YORK — Almost a billion Android users could be at risk from a data breach involving one text message.

Joshua Drake, a mobile security researcher at ZimperiumzLabs told Forbes that six vulnerabilities have left 95 per cent of Google Android phones open to hackers. The bug  could be one of the worst Android security holes to date.

The weakness is in Stagefright, a media playback tool in Android.

According to Drake, attackers only need your cell phone number to execute the hack. The hacker would then send a multimedia message (MMS) which allows them to write code to it. They can then access all areas of the phone where Stagefright has permission to use including audio, video and Bluetooth.

The Stagefright vulnerability has been assigned with the following CVEs: CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828 and CVE-2015-3829.

Drake says Androids below version 2.2 are not affected by the bug. Devices running Android versions prior to Jelly Bean are at the worst risk.

A spokesperson for HTC Corporation told Forbes that “Google has informed HTC of the issue and provided the necessary patches, which HTC began rolling into projects in early July. All projects going forward contain the required fix.”

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.