A security research company revealed that it has discovered a flaw in Google’s Android operating system, which could potentially allow hackers access to the personal data of millions of users. The company referred to this flaw as “the mother of all Android vulnerabilities.”
CNET gave further details concerning the discovery saying that, hackers could take advantage of it by sending a text message containing malware to an Android device; once received by the target, it could give them total control over the handset and allow them steal personal information.
Dan Ackerman of CNET told CBS News, “What they figured out how to do now is send you a text message that includes a video file in it. Because very often you can get a text that has a photo or video in it. And in the code for that video file is a string of malicious code that will then activate. And the catch is, you don’t have to actually watch the video. Just receiving it is enough to give people, potentially, access to your Android phone.”
Zimperium posted on its blog, saying that over 95% of all Android devices worldwide are vulnerable. “The targets for this kind of attack can be anyone from Prime ministers, govt. officials, company executives, security officers to IT managers,” the security firm warned.
Fortunately, the company revealed during an interview on National Public Radio that so far, the vulnerability has not been exploited by hackers. Ackerman said “that’s the good news.”
According to the firm, the company behind Android- Google, were duly informed about the discovery of the flaw in April and also, patches where supplied that time to help fix the problem.
The spokesman for Google released a statement to CBS news, saying:
The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device. Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult.
Google also said that there are reward packages on offer to encourage security researchers report any flaws they find and help make the system more secure. The company thanked Joshua Drake, a Zimperium researcher, for his contribution in identifying and reporting the flaw.
Drake told NPR that he believes only about 20%-50% of Android devices presently in consumer’s hands will actually get the updates, as a result of vendors’ negligence. This could still pose some risk to many users, even with the security patch being made available.
The number of phones that could be affected could be huge. Android is projected to have 79 percent of the global smartphone market share this year and with over 1.1 billion devices shipping in 2015, according to a report by the industry analyst IDC.