A security research firm has just discovered a glaring flaw in Google's widely used Android mobile operating system which leaves millions of users open to hacking.
Zimperium, the company who conducted the research, says that all it takes to breach the system is a simple multimedia message that when sent, can infect the recipient's device immediately. The study says that a staggering 950 million phones, roughly 95% of all Android devices in the world, are vulnerable to this exploit.
NPR, which broke the news yesterday, has a detailed description of how this text message works:
Here's how the attack would work: The bad guy creates a short video, hides the malware inside it and texts it to your number. As soon as it's received by the phone, "it does its initial processing, which triggers the vulnerability."
After the message is received, hackers have near limitless access to your phone's data and apps:
Once the attackers get in, Drake says, they'd be able do anything - copy data, delete it, take over your microphone and camera to monitor your every word and move. "It's really up to their imagination what they do once they get in,"
Every Android phone or tablet released within the last five years is under threat says the company. This covers devices running Android versions as far back as Froyo, and continues through Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, and Lollipop.
According to CNN, Zimperium told Google of the discovery in April and, as is custom in the industry, gave the search giant 90 days to issue a fix to users before going public with the data. As of today, 109 days have passed since Zimperium's findings and no concrete fixed has yet to be rolled out by Google and it's numerous Android partners.
Google is working around the clock on a fix. Here's what their spokesperson told tech website CNET:
"The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device," the Google spokeswoman said. "Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device."