As we previously
reported, Google has placed a 'bug bounty' for research teams to discover potential threats to the Google Chrome web browser. Google has paid out $4 million since the bug bounty begain in 2010 and it seems a researcher named Zimperium, has uncovered a new vulnerability that has the potential to wreak havoc on our beloved Android devices.
This researcher states that the flaw exists within a media playback tool within the mobile software called Stagefright. By simply sending a text message, hackers could acquire complete control over the device and allow them to steal any content on it. The malware hides inside of a short video and as soon as the text is received, built in features to reduce time for viewing processes the video. It seems that short amount of time to process the video is enough for hackers to take control. This would include all personal information or credit cards.
A Google spokewoman had this to say regarding the mobile threat,
"The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device." The Google spokeswoman went on to add, "Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device."
Zimperium sent the patch that has been accepted to Google. He told the National Public Radio that he estimates only 20 percent to 50 percent of Android devices will actually get the updates due to vendors being slow to react -- if they react at all. You see unfortunately, fixes to the popular mobile operating system take time. To resolve issues within Android, Google provides patches through software updates handed down to device manufacturers. These manufacturers include Samsung, LG, HTC among many others to then provide these software updates to the cellphone service providers. It is then up to these carriers to push the updates to each phone. You can start to see how long this process could take. Thus many devices rarely receive the latest software available to them.
Currently, Zimperium tells the National Public Radio that the flaw has not been exploited. However, expressing the severity in a recent blog post, he states that 95 percent of Android devices worldwide are vulnerable.
The first wave of Android handsets obtaining the Stagefright vulnerability patch are here. T-Mobile, Verizon and AT&T step-up to provide a few of their respectable Samsung devices with a a software update to protect users against malicious MMS messages. Starting today, the T-Mobile and Verizon variants of the Galaxy Note 4 and Note 4 Edge have begun to receive this update. AT&T provides the same update to Galaxy S 6 and S6 Edge. Additionally, the update can also be found available on T-Mobile's Galaxy S5.
