Hackers have found another way to not only access sensitive information from smartphones but also take control of our devices.
Nearly one billion Android phones are at risk. The software in those phones has been vulnerable to this kind of hack for nearly five years, but only just now was it uncovered. And users may not even know they've been hit.
Without a link or an email embedded with a malicious piece of malware, hackers can get into your Android phone and access all that it contains.
Contacts and call records, pictures, banking apps, social media profiles, and text messages are all up for grabs and could even fall under the control of the hacker.
"It's not like you would automatically notice things happening on the phone. They'd be happening in the background. They'd be manipulating on the back end of the phone," said Ken Smith, a "white hat hacker" with Secure State.
He says hackers are getting in through malformed MMS picture and video messages. All they need is your phone number.
"When you get a text message and it's a picture and you open up your messaging app and the picture is right there, it's been auto loaded. It doesn't actually, necessarily require any act on the part of the victim. It just might happen without their knowledge," Smith said.
Since the discovery is so fresh, experts are unsure about the number of people who may have already been victimized this way, but Smith says
this is big.
"A clever attacker would be able to send the message, get control and then delete it before you see it. So you might not even know that anything has actually happened," he said.
Smith says the stop gap is quick and simple.
"From within the Hangouts or Messaging application you go to the SMS option under settings, find the auto retrieve MMS option and simply unclick
that," Smith said.
Expect a software update in the near future to correct this vulnerability.
But some phones which are no longer supported will not be able to be patched for this and will continue to be vulnerable.