MAJOR flaw lets cybercriminals HACK into your smartphone with ONE text message

A TERRIFYING flaw in the Android operating system allows hackers to gain access to your device with one simple text message – and you don't even have to open the message.

By Aaron Brown, Express Affiliate Development Editor with 10 years of experience writing about the latest developments in consumer technology, product reviews, and buying advice

The target does not even have to open the text message for the hacker to gain complete access GETTY

The target does not even have to open the text message for the hacker to gain complete access

Android is comfortably the most popular mobile operating system on Earth with an estimated 80 per cent of all smartphones running on the OS.

But mobile security experts believe they have found a major flaw in the software, which could let hackers into your smartphone by sending one malicious text message.

Worst of all – the target in the attack does not even have to OPEN the text message for the hackers to succeed.

In this case Google is not the actual one to blame

Collin Mulliner, Northeastern University

Zimperium security researcher Joshua Drake explained: "This happens even before the sound that you've received a message has even occurred.

"That's what makes it so dangerous. [It] could be absolutely silent. 

"You may not even see anything."

The hack works using a short video, laced with malware.

The vulnerability is in the Android operating system, but security researchers say Google is NOT to blame GETTY

The vulnerability is in the Android operating system, but researchers say Google is NOT to blame

As soon as the infected video file is sent in a text message, the target's phone will begin processing the new message – which triggers the vulnerability.

Google's Hangouts messaging app is the alleged culprit, since it will instantly process the video as soon as its received so it is ready to watch in the users' gallery app.

Using the default Android messaging app is "a tiny bit less dangerous," according to Mr Drake, who co-wrote the Android Hacker's Handbook.

In this app, the user has to view the text message for the hack to take place. Looking at the new message triggers the same processing that Hangouts begins automatically.

"It does not require in either case for the targeted user to have to play back the media at all," Mr Drake adds.

Once the video has been processed – the hackers are in and the sky is the limit.

The Zimperium security researcher claims the hack allows cybercriminals to copy data, move files, delete data, take over your microphone and camera to monitor your every word and move.

"It's really up to their imagination what they do once they get in," he cautioned.

The security expert has reported the flaw to Google and forwarded some patches for the flaw.

"Basically, within 48 hours I had an email telling me that they had accepted all of the patches I sent them, which was great," he said.

"You know, that's a very good feeling."

However the patches are now with the carriers and smartphone manufacturers – many of whom will do their own tests before rolling out the security update.

Mr Drake believes that as few as 20 per cent of smartphones are currently fixed, though admits the figures could be "potentially up to the optimistic number of 50 per cent."

"In this case Google is not the actual one to blame," explained Collin Mulliner, who works as a senior research scientist at Northeastern University. 

"It's ultimately the manufacturer of your phone, in combination possibly with your carrier."

Some 99 per cent of mobile malware in the first quarter of 2014 was designed to run on Android devices, according to findings from firm F-Secure.

A spokesperson from Google told NPR: "We thank Joshua Drake for his contributions. 

"The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device.

"Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. 

"Android devices also include an application sandbox designed to protect user data and other applications on the device."

Would you like to receive news notifications from Daily Express?