The Mother of All Android Hacks

The Mother of All Android Hacks

Users of the popular Android operating system are all vulnerable to “the mother of all Android vulnerabilities” in which a simple text message can give hackers complete control of your phone.

The worst part, is that you don’t necessarily need to open the text message for the hackers to gain control of your device. This flaw was uncovered by security firm Zimperium, and the text message contains a video file. In the code for the video file is a string of malicious code that then activates once received. You don’t even have to watch the video to have your phone taken over.

Long story short is that if hackers send out this malicious code to every Android phone right now, they could gain access to your phone.

Zimperium has stated that the flaw has not been exploited by hackers, yet.

Google has been notified has is working on a fix. The amount of devices affected is astronomical. This bug affects any device running Android in the last five years, according to Zimperium.  In 2015 alone, more than 1.1 billion devices will be shipped, according to industry analysts IDC.

If you have an Android device, update it now!

This is quite similar to the recent iPhone text message hacking story from a few weeks ago.

iOS Bug Crashing iPhones With A Single Text Message

iOS Bug Crashing iPhones With A Single Text Message

Update – 6:45pm – The problem very much still exists. Use the code below for educational purposes, with the recipients consent please.

Last night MacRumors.com reported that a new bug has been discovered that affects all users of the popular iPhone.

The bug affects the iMessage and SMS app on the iPhone, and when a user sends a specific string of characters to an iPhone it can cause an immediate reboot of the iPhone. The bug was first reported in a Reddit.com thread and has quickly spread around the globe in hopes that there is a solution to the problem.

The specific message contains specific Arabic characters and symbols:

Power
لُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ

and if sent to users of iPhones, it can cause the message app to crash and reboot the phone. Once you reboot the phone and attempt to open the message app in list view, the app will crash again.

The Reddit.com user that discovered and wrote about the issue was “sickestdancer98”, and his explanation was

I can tell you it is due to how the banner notifications process the Unicode text. The banner briefly attempts to present the incoming text and then “gives up” thus the crash. On a jailbroken device, this ultimately leads to safe mode. However, on a stock iOS device, there is no safe mode hence the respring after the crash. That is why this only happens when you are not in the message because the banner is what truly crashes the entire system. Is this a possible vulnerability? Maybe. Has this been around already? Roughly since iOS 6. Can it be fixed/patched? That, my friends, is up to Apple. I hope I cleared things up a little bit if it did help in anyway, shape, or form.

Based on my testing with a couple of iPhones, the quickest way to solve the problem is to go to the photo app, and send a photo to the person who sent you the iMessage / text and then go back into the messages app and delete the conversation.

Once you have done that, you can prevent it from happening again by going to Settings > Notifications > Messages and changing your settings to the settings pictured here.

Uncheck the “show in lockscreen” and turn off  banner notifications, which prevents the iPhone’s banner from crashing the phone.

Apple’s engineers are aware of the issue and will hopefully have an update shortly.

If you are experiencing any issues with your iPhone and restoring functionality, visit an Apple store or feel free to reach out to bryan @ seelysecurity.com for assistance.