When a top end security firm, which successfully helped hundreds of technology companies secure their data, claims that over 95 percent of the Android phones in the world is vulnerable, it is impossible to not believe them.
Zimperium is a reputed security research company which dedicates a majority of its time in assisting companies and saving them from hacking attacks. The rest of the time they work on fixing security flaws earlier so that an attack is prevented even before the hackers identify any vulnerability. In the case of the Android operating system, the company had identified a security flaw caused by a tool named ‘Stagefright’.
The simple tool which was integrated into the mobile operating system to enable media playback is now confirmed as vulnerability by the company as well as Google. The firm identified that out of the one billion Android phones shipped last year, 950 million devices are vulnerable. If you are using a device that runs on Google’s OS, there is no guarantee as to whether it has already been compromised or not.
However, speaking to the National Public Radio, Zimperium confirmed that the flaw is yet to be exploited by the hackers. The vulnerability prevails though and if it is not fixed in a short period; it could lead to a chaotic situation on a global scale. Google has already been notified of the vulnerability to which the company responded saying that they have the patches ready to fix it, in case an attack is initiated.
The intimation was made in the month of April, but the patch file is yet to be rolled out to all the Android versions.
Compromising Devices through Text Message
The way the vulnerability works has been explained in detail by the security firm. The user may never know that his or her phone has been compromised. It can be sent as a standard MMS message or as a simple text message through Google Hangouts. The highly complex code doesn’t require user authentication.
As soon as the Hangout message lands on your phone, a notification will pop up. Whether you open it or not, the malicious code will start running. It will run once again when you open a preview and yet again, when you try to play the video. With more than three different opportunities, compromising a device isn’t so tough. From them on, you will be using a hacked phone which can retrieve your usernames, passwords, credit card information, social networking credentials and every other information shared, using the Android phone.