Researchers found a bug in the Android mobile operating system that could potentially affect up to 1 billion devices. If hackers were to take advantage of this flaw, they could affect the smartphones of others by sending a video or phone message. This could take place, even without any action on the part of the device owner.
According to a statement by Google, they have already released a patch for the security issue. It does require a software download, however, and there may still be millions of devices that have not yet received the update that is necessary to fix this security hole.
The researchers that discovered this problem with the mobile Android operating system were from US information security company, Zimpherium. They released a statement that notified others about this potential issue, stating that it was “extremely dangerous” and was one of the worst vulnerabilities to be exposed with the Android system up to this date.
Zimpherium also estimated that 950 million different mobile devices were affected by this flaw.
This issue could have been exploited by hackers, as they could have sent malicious code through a multimedia message to the android device. Once the malicious code was on the device, it would activate Stagefright, which is an Android service. After Stagefright was running, it would allow the hackers to access other apps and data on the device.
According to researchers, this security risk was “extremely dangerous because they do not require that the victim take any action to be exploited.” Further details about the security problem are coming and are slated to be released in Las Vegas next week at the Black Hat security conference.
According to another security company, Sophos, the security hole in the mobile Android operating system affected a massive number of phones that were running android 2.2 or higher. According to James Lyne, head of security research at Sophos, “An attacker could access all kinds of content on your device or access resources, such as the camera.”
After being notified of the security risk, Google began to search for a patch to repair the problem. Although a patch has already been released and has been downloaded to millions of mobile devices, there are still millions of other devices that remain unpatched. This is largely due to delays in distributing updates on the part of mobile operators and manufacturers. In addition, Android users have the option to manually reject updates as well.
According to a statement by Google “This vulnerability was identified in a laboratory setting on older android devices.” They also went on to state that as far as they knew, “no one has been affected.”
Further updates are going to be pushed to the Nexus devices beginning next week. Nexus, which is Google specific, is typically the first to receive updates because it does not require additional modifications or permissions from mobile carriers and manufacturers.