It was recently discovered that there is a bug that can affect almost 95 percent Android devices. This represents 950 million phones all over the world. Apparently, it is as easy as pie too. It only takes a text message to let a hacker in.
The most worrying aspect is not how easy it is to do it, but how vulnerable the device is. You don’t even have to click on anything to have your system hacked into.
“Android and derivative devices after and including version 2.2 are vulnerable. Devices running Android versions prior to Jelly Bean (roughly 11% of devices) are at the worst risk due to inadequate exploit mitigations,” said Joshua Drake, who works for the mobile security company Zimperium zLabs and discovered the virus.
He calls this vulnerability “Stagefright” and compares it to “Heartbleed”, a bug that exposed emails, bank data and various information through a small flaw in Internet server coding. Joshua Drake also said that this bug is much worse than Heartbleed, especially for the devices mentioned above.
All the hackers need is your phone number. They would send a media file via MMS. Moreover, if they work fast enough and are skilled attackers, they can even delete the message before you get the chance to look at it. You can thus be exploited without having to do anything. It can happen anytime, anywhere without you being aware of it. You will be carrying a trojane phone without suspecting a thing.
This means that the attackers will have access to your photos, messages, video recordings and make use of them as they please.
However, Drake has already told Google about the problem and they are working to find a solution to it. In spite of that, Drake said this is just the beginning “of what will be a very lengthy process of update deployment.” He also mentioned that the devices that are more than 18 months old have very slim chances of getting an update.
According to a representative of Google, most Android devices are well-equipped against an attack and exploitation will be quite difficult. They also have a sandbox meant to protect applications and user data. Moreover, a team is working to come up with a good patch for this problem.
Image Source: utbblogs