Vulnerabilities in Android’s “Stagefright” code allows criminals to send malware to any user via text message — and the user gets infected without even having to open it, according to a new report from Zimperium zLabs.
This is the most serious Android vulnerability discovered so far, said Joshua Drake, VP of platform research and exploitation at San Francisco-based security vendor Zimperium, Inc.
That’s because the user doesn’t have to do anything to get infected, and the attacker doesn’t have to be in close proximity to the victim.
“Now you can send malware directly to any Android device if you know their phone number,” he said.
In the prototype code that Drake put together, the only indication that there might be something wrong is an MMS notification from an unknown number.