Close to one billion Android phone users have been left at the mercy of hackers thanks to a serious flaw in Google’s Android operating system that can be exploited by a simple text message. The vulnerabilities have prompted Google to issue a prompt upgrade proposal to phone manufacturers worldwide as what is being labeled the worst Android flaw ever continues to take shape.
Joshua Drake of Zimperium zLabs is responsible for discovering the flaws. He reported the bugs to Google in April. Google responded by issuing corrective patches to phone manufacturers such as LG, Motorola, Sony, Samsung, HTC and Lenovo. However, it is not certainly known whether smartphone makers have actually upgraded their devices to safeguard end user data.
Drake attributed the flaws to a media playback operation in Android known as Stagefright. According to Drake, the tool consists of multiple “remote code execution” bugs that could be set off by malicious hackers wherever they were. The attackers would only need to send exploits packaged as Stagefright Multimedia Messages (MMS) that would allow them to write codes to the receiving device. The code would grant the hackers unlimited data from the phone’s memory, including photos, audio, video and SD card info.
With the recent wave of celebrity nude photo leaks still fresh, worry is spreading over just how much information can be accessed and just how much of personal information belonging to U.S. citizens has already been compromised. With over 950 million handsets open to access through a simple MMS, Android’s flaws have resulted in close to 15 per cent of the world’s population being exposed.
Users wary enough to block the MMS do not stand a chance. According to Drake, if the MMS were sent through Google Hangouts, it would open before the owner had an opportunity to even check the phone, triggering a massive amount of data leaks that would surely qualify as the greatest cyber crime of all time.
According to Forbes, on inquiry, only HTC had resorted to include the patchwork in upcoming models but it was not relayed whether the upgrades would be available for downloading online.
It appears at the time of writing that virtually all affected models remain unpatched, exposing almost 1 billion of the world’s smartphone users to attack.