It may be the largest security flaw ever discovered in smartphones.
Zimperium, a mobile security company, has announced that 95% of Android phones can be hacked by simply receiving a picture via text message. That would make 950 million phones around the world vulnerable to being hacked.
But what makes this even more concerning is the fact that the text message doesn’t even have to be opened for the phone to be hacked. Android phones begin analyzing text messages before they are opened using a tool called Stagefright. This allows the malware to get complete control of the device without the user ever doing anything.
Apparently, the flaw affects all Android phones using software from the previous five years.
This problem also underscores the difference in how Android and Apple phones are updated. Apple pushes out an update to all of its phones at the same time. Android depends on third party phone makers to get the updates to users, and this can be a time consuming process. Zimperium has created a patch but estimated that only 20-50% of phones will get the patch because of the way Android phones are updated.
Zimperium’s will show how the Stagefright malware works and can be exploited at the Black Hat hacker conference in Las Vegas, which starts August 1.
Google says that patches have been provided to the phone makers but did not say exactly when or how those were pushed out.
“The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device,” a Google spokeswoman said. “Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device.”