A recently discovered security flaw affecting some 95 percent of Android mobile devices means users are at risk of being hacked just by receiving a short message with malicious intent.
Described as the “worst Android flaw discovered to date,” effective solutions to the problem, however, have yet to be provided by major mobile phone carriers, prompting warnings from security professionals about the need for preventive measures.
The security hole on Stagefright, a media playback engine on the Android OS, allows attackers to send a malicious file via the Multimedia Messaging Service (MMS), which then runs without the user’s consent.
Once the device is attacked, it can be remotely monitored or destroyed, and even a user’s personal information can be acquired surreptitiously.
The only information hackers need is a phone number to send vicious files via MMS. After obtaining control, they can remotely delete the message so that owners cannot realize where the attack is coming from.
The security hole has affected an estimated 950 million Android devices worldwide, according to cyber security firm Zimperium, which first reported the flaws earlier this year.
Even without using MMS, the issue with the Android system itself means non-cellular mobile devices, including tablets that work only on Wi-Fi, can be exposed to risks as long as devices are connected to the network. According to security software firm Trend Micro Inc., the devices can be attacked simply by playing downloaded malicious movie files or by clicking on a hyperlink to a website that contains a malicious video.
Given the seriousness of the issue, Google quickly reacted by distributing security patches within 48 hours of being notified of the issue.
Although most Android devices are at risk, it depends on the manufacturer and mobile phone carrier as to whether these programs will be delivered to mobile devices, and when.
At this point, Japan’s largest mobile phone companies have a wait-and-see stance toward the issue.
A spokesman for major mobile phone provider NTT Docomo said mobile phones sold by the company won’t be the target of attack because their mobile devices have not supported MMS from the beginning.
“We are still investigating the magnitude of this issue” to decide whether to take any measures, the company’s spokesman Raina Saka said, adding that the company may provide security patches if necessary after the details of any attacks become clear.
Another mobile phone giant, KDDI Inc., also believes Android devices sold by the carrier won’t be targeted by direct attack because, although MMS is provided for iPhones, their Android phones do not support the service, Yuri Horiuchi, a spokeswoman for the company, said.
SoftBank Inc, the only major carrier that supports MMS for Android devices, said they were still investigating the issue to figure out the impact of the problem, spokesman Yuki Akazawa said.
Cyber security firm McAfee Inc. said that despite the seriousness of the problem, the fundamental solution may not come instantly.
“Since each Android device model is unique, it may take some time for manufacturers to create and distribute updates,” the company’s Chief Consumer Security Evangelist Gary Davis wrote in a blog entry on Jul. 30.
But Junsuke Sawarame, a spokesman for Trend Micro, pointed out that “(companies) are supposed to take measures to patch the security hole as soon as possible.”
Although no key preventive measure has been discovered beyond waiting for a software update to be provided by phone carriers, Android users can alleviate risks individually by disabling AutoFetch from MMS content, Sawarame said.
Installing security software is another measure to prevent unintentional access via malicious online content, but it cannot be the fundamental solution to the issue as it cannot protect devices from receiving malicious files via MMS, Sawarame added.
Demand for the Android OS in Japan is shrinking. In 2014, there were approximately 12 million Android smartphone shipments, down from 15 million in 2013 and 19 million in 2012, according to research by MM Research Institute Ltd.
The decline in shipments pushed Apple’s iOS to become the leader in the smartphone market at 59.5 percent of market share in Japan based on shipments in 2014 compared to 40.3 percent for Android devices over the same period, the research found.
In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.