Skip to main content

Call Me Maybe? Android Flaw Could Interrupt Your Calls

Those dropped calls you've been experiencing might be the result of something malicious: A bug in most Android devices could let attackers remotely interrupt calls, initiate new calls or send text messages from affected Android phones.

The good news is that the flaw only affects devices running older Jelly Bean (4.1-4.3) and KitKat (4.4) versions of the Android operating system: Android 4.1.1 through 4.4.2, and possibly 4.4.3 as well. In Android 4.4.4, released June 19, the bug has been patched. The bad news is that most Android devices can't get 4.4.4 yet.

According to Google's own statistics gathered in July 2014, about 75 percent of Android users have devices that run Jelly Bean or KitKat.

MORE: Best Android Antivirus Software 2014

The bug, discovered by Berlin-based security company CureSec, can only be exploited via a rogue application installed on vulnerable Android phones. However, due to the presence of the bug, the app doesn't need to officially have permission to access the device's phone in order to interrupt or initiate calls.

Why can't some Android users upgrade to the newest, more secure operating system? So many hardware manufacturers make different kinds of Android phones, and make various tweaks to Android, that each time Google releases a new Android update, the manufacturers need to fine-tune it to their specific devices. As a result, Android devices don't all receive the latest software updates at the same time.

CureSec notified Google about the issue last year, and Google incorporated a patch for the bug in Android 4.4.4 when it was released last month. However, only devices that get Android updates directly from Google -- such as Motorola's Moto E, Moto G and Moto X; the Nexus line of phones and tablets; Google Play-edition phones; and some Sony phones -- have received the 4.4.4 update as of this writing.

In the meantime, CureSec has developed an Android application available (available on the company's website) that will check to see if your phone is vulnerable to this bug. You can keep your phone secure by not installing any potentially problematic apps on your device, and by making sure that "Unknown sources" is unchecked in your devices security settings.

Email jscharr@tomsguide.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.