Android users beware: security firm Zimperium zLabs issued a warning about a vulnerability it uncovered in April, what may be the worst Android security vulnerability to date. Hackers send an android user a text message with a picture or video attachment. The phone user does not necessarily have to open the message for the malware to work. And the malicious code can instantly take over the phone.
The hacker can remotely infiltrate a devise, exploit personal data, open its camera. The vulnerable component in this hack is Stagefright, an Android media playback tool.
Mind you, the timing of this announcement, a week away from the 2015 Blackhat conference is of course interesting.
It is not new news and Google issued a patch a few months ago. But because unlike Apple’s operating system which is native to the phones they produce, Android phones are manufactured and distributed separately from its Google OS. This makes it harder to control and identify which Android phones are at risk. The devices require over-the-air updates which means patching the hole is dependent on manufacturers that have been slow to act.
If you use an Android devise, and are unsure, you would be advised to disable auto retrieve on your phone and for Google Hangouts and Messenger apps.
Zimperium does state that it “does not believe that hackers out in the wild are exploiting it” which is the good news. The bad news is that with almost a billion Android users worldwide, dominating an 80% market share, this flaw makes for a lot of hacking potential.