Android Security Breach Puts Millions of Phones at Risk

Some more bad news for the security of Google’s mobile operating system, Android, as Researchers at Zimperium Mobile Labs have discovered a security breach which allows access to your Android device by simply sending it a message.

The exploit, which the team at Android are aware of and have patched quite easily works as simple as sending a message to a device, which opens up a door to allow someone access to your personal information and more. The method, of course, hasn’t been revealed because that would just be silly, and although Google has patched the bug, there’s still a big problem: manufacturers and carriers.

Due to how different manufacturers and phone networks handle the updates for their devices, despite Google’s efforts to patch up the glitch which Zimperium’s VP of Platform Research and Exploitation Joshua Drake says effects “95% of Android devices”, we’re still reliant on people like Samsung and AT&T to implement this fix into their own software and then push it out to their users. Something that’s become a huge problem for a long time.

The attack, which involves sending a maliciously modified video message to the device, it’s able to circumvent Android’s security measures and execute a remote code, giving full access to your device, storage, camera, microphone, and more. The attack is being called “Stagefright” as it’s also the bame of the media library that handle’s video processing and the code that’s being exploited.

The bug has apparently been around as early as Android v2.2, and is currently still found in Android 5.1.1 and Android 4.1, which run on most Android powered devices right now, thus making them the most vulnerable.


On the matter, a Google spokesperson has said:

We thank Joshua Drake for his contributions. The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device.

Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device.

Fingers crossed it gets patched out as soon as possible.