Nearly one billion Android users are susceptible to Stagefright, a new virus already being considered the worst ever discovered in the smartphone.
Full details of the bug's impact will be released at the Black Hat convention in Las Vegas next week but, according to Zimperium zLabs security researcher Joshua J. Drake, hackers can take over a phone simply by sending a text message.
"These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep," Zimperium said in speaking with Wired.
It doesn't even matter if the message is opened or not; Android's default media handling system automatically activates the video's code via the Hangout app, enabling the sender to do anything from delete messages to copy personal information to active the camera. The "trojaned phone" will remove any signs of being infiltrated before the user even realizes anything is wrong.
Google has been working on patches for the virus since Drakes notified them last April. In a statement given to Android Police, the Cupertino-based company promised updated safeguards would be included in security updates scheduled for next week.
"This vulnerability was identified in a laboratory setting on older Android devices, and as far as we know, no one has been affected," read the statement. "As soon as we were made aware of the vulnerability we took immediate action and sent a fix to our partners to protect users."
Samsung, Google Nexus, T-Mobile, and HTC are working on fixing the problem, as di secure mobile company Silent Circle who tweeted "We patched Blackphone weeks ago!"
Despite the scheduled security update, millions of Android users remain unprotected. Drake believes as few as 20 percent of devices will get fixed, which makes sense given that Android phones are made by numerous manufactures who address issues at their own pace. In contract, Apple has sole control of the iOS system used in all Apple devices.
"We hope that members of the Android ecosystem will recognize the severity of these issues and take immediate action," the Zimperium team said. "In addition to fixing these individual issues, we hope they will also fix any business processes that prevent or slow the uptake of such fixes."
- Contribute to this Story:
- Send us a tip
- Send us a photo or video
- Suggest a correction