One of the biggest vulnerabilities in the history of Android phones was discovered recently, putting 950-million phones at risk of a dangerous bug.
The bug affects Android phones that are using software made within the last five years. According to Joshua Drake of Zimperium, a mobile security firm, the hackers just need a phone number, and then are able to send a coded modified text message that does all the work .
The victim is not even required to take any action for the vulnerabilities to present themselves. In many situations, if the text is coded to a higher degree, the hack will process without the victim even opening it. Simply receiving the notification can trigger the hacker to gain information stored on your phone — from controlling the camera to reading text messages.
This bug is being called “Stagefright.”
This hack may ring familiar in the ears of many iPhone users. In May, it was discovered that a crafted text message sent from one phone to another on iMessage can briefly crash, and restart the phone of the recipient. Although the iPhone glitch is nowhere near as dangerous as the Android hack.
Zimperium warned Google of this bug on April 9 and sent them patches. Within 48 hours, patches for the bug were implanted by Google.
“We would like to thank Google’s Android Security Team for taking these issues seriously, addressing them by including our patches in the Android Open Source Project,” read a post on Zimperium’s website.
Putting those patches to use on peoples’ phones is still an issue. In an interview with ExtremeTech, Adrian Ludwig, Android Security’s lead engineer at Google said that they have limited control over what people decided to do to in terms of updating their phones.
“they’ve notified partners and already sent a fix to the smartphone makers who use Android, [but] whether it gets put into people’s phones is not in Google’s hands,” he said.
Updates made to Android software is controlled to hardware makers, and not by Google.