Call Me Maybe? Android Flaw Could Interrupt Your Calls

News
By
published

An Android flaw that lets attackers interrupt users' phone calls has been patched, but many users won't be able to upgrade.

Those dropped calls you've been experiencing might be the result of something malicious: A bug in most Android devices could let attackers remotely interrupt calls, initiate new calls or send text messages from affected Android phones.

The good news is that the flaw only affects devices running older Jelly Bean (4.1-4.3) and KitKat (4.4) versions of the Android operating system: Android 4.1.1 through 4.4.2, and possibly 4.4.3 as well. In Android 4.4.4, released June 19, the bug has been patched. The bad news is that most Android devices can't get 4.4.4 yet.

According to Google's own statistics gathered in July 2014, about 75 percent of Android users have devices that run Jelly Bean or KitKat.

MORE: Best Android Antivirus Software 2014

The bug, discovered by Berlin-based security company CureSec, can only be exploited via a rogue application installed on vulnerable Android phones. However, due to the presence of the bug, the app doesn't need to officially have permission to access the device's phone in order to interrupt or initiate calls.

Why can't some Android users upgrade to the newest, more secure operating system? So many hardware manufacturers make different kinds of Android phones, and make various tweaks to Android, that each time Google releases a new Android update, the manufacturers need to fine-tune it to their specific devices. As a result, Android devices don't all receive the latest software updates at the same time.

CureSec notified Google about the issue last year, and Google incorporated a patch for the bug in Android 4.4.4 when it was released last month. However, only devices that get Android updates directly from Google -- such as Motorola's Moto E, Moto G and Moto X; the Nexus line of phones and tablets; Google Play-edition phones; and some Sony phones -- have received the 4.4.4 update as of this writing.

In the meantime, CureSec has developed an Android application available (available on the company's website) that will check to see if your phone is vulnerable to this bug. You can keep your phone secure by not installing any potentially problematic apps on your device, and by making sure that "Unknown sources" is unchecked in your devices security settings.

Email jscharr@tomsguide.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

See more Phones News
Jill Scharr

Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects. 

More about android phones
Nubia Flip 2 5G folded with AI pet

Forget Samsung Galaxy Z Flip 7 — this foldable will cost nearly half the price
tcl nxtpaper 60 handset from the back

TCL wants to bring AI features to $200 phones — here’s how it will work
YouTube logo on smart TV with remote control

YouTube reportedly working on massive upgrade to fight Netflix and Amazon

See more latest
5 Comments Comment from the forums
  • warezme
    Why aren't all android phones developed to run the latest android and then have all manufacture specific functions such as camera, audio, gui updates update seperately to the phone like apps. That way the phone is always updated and everything keeps working or can be easily updated individually as needed.
    Reply
  • ddpruitt
    So many hardware manufacturers make different kinds of Android phones

    That's a totally bogus statement from the manufacturers. The vast majority of models have nearly identical hardware that really doesn't affect the OS and it only requires minor work to patch, build, and push an update. The problem is a combination of the bloatware and the fact that most OEMs forget about a device as soon as it's been released and don't care about updating.. MS doesn't patches Windows all the time and they have to worry about a much larger hardware space.
    Reply
  • alextheblue
    "As a result, Android devices don't all receive the latest software updates at the same time."

    Some don't receive the latest updates at all, Jill. At least not through official channels. Many phones are abandoned by their manufacturers, sometimes after only a year or so. Meanwhile you've got people crying that XP (which is ancient as heck) isn't getting updated anymore. :P
    Reply
  • Steve Simons
    My wife's android was abandoned by the manufacturer very shortly after it came out. We said, "never again," and in about a month, she'll have a shiny iphone like I already do. The fact that the iphone is WAY more secure and updated is a huge selling point when you do business from you phone.

    Android needs to figure this out because people are starting to catch on to the Shiny flash of the new phones only to see them abandoned the second the new one comes out. Apple still supports the 4S and to a lesser degree the 4. Pretty crazy.
    Reply
  • mnd_bg
    "The bug (...) can only be exploited via a rogue application installed on vulnerable Android phones."

    Yaaawn. Another storm in a teacup. It's getting boring.
    The vast majority of the security breaches happen because the user is doing something he/she shouldn't be doing. I have a four year old rooted HTC with Android on. I switch the internet on only when I need it, I install only known and proven apps. I have app that manages permissions on everything that's installed on the device. On top of that I have a security software (paid one, not "free"). And basically this is the bare minimum everyone should have/do on their smartphone. It's simple as that.
    Reply