Security researchers at Zimperium have discovered an exploit that lets attackers take control if they send a malware-laden MMS video. The kicker is that you may not even need to do anything to trigger the payload, depending on your text messaging app of choice. While the stock Messenger app won’t do anything until you see the message, Hangouts’ pre-processing for media attachments could put you at risk before you’re even aware that there’s a message waiting.
Google is already on top of the flaw, and has pushed out a fix to its hardware partners. However, whether or not you’ll get that fix will depend on your phone’s manufacturer. Zimperium tells Forbes that the Nexus 6 and Blackphone are already safe against some of the related flaws (other Nexus devices are likely in a similar boat), but more common third-party phones from Samsung, HTC and others are typically still vulnerable. It’s also unclear as to whether or not these companies will deliver fixes to their relatively recent devices in a timely manner, or at all. Depending on when you got your handset, it might remain exposed.
Sandy Meh (System Engineer and Freelancer)