A security firm has reported that just one text message is needed to hack, spy on, and steal personal information from nearly one billion Android devices including smartphones and tablets, via Stagefright malware. Google has a patch to fix the vulnerability, yet considering the delay of past security updates, the big issue is when vendors will ensure that every Android mobile device will get it.
Stagefright can attack about 95 percent of the total Android gadgets, including smartphones and tablets running at least version 2.2 of the operating system (OS), according to ZDNet. About 1 billion units have been manufactured.
Joshua J. Drake, a Zimperium zLabs vice president, discovered Stagefright. He referred to it as one of the worst Android vulnerabilities that has ever been uncovered.
The malware is sent to mobile devices as a multimedia text message, such as a short video. When it arrives to a text message app, it starts attacking without the application needing to be opened.
It is different for Android Messenger users. They must open the malicious text message in order to be hacked.
The malicious text is linked to Android's Stagefright media library, which includes several formats for both audio and video playback. It processes the video before it is viewed.
In April Zimperium contacted Google about the security hole. A spokesperson reported in an e-mail response that it had sent the patch to all Android partners.
However, there is a problem. As of July 27, Monday no major Android Original Equipment Manufacturer (OEM) or carrier had made an official announcement of plans to send the patch to its customers, and it is possible that older devices will never get it.
Although it is critical that the mobile owners' vendors fix the security hole immediately as the malicious text can do major damage, Google's track record for delivering security fixes has not been outstanding, according to CNET. The patch is a short-term solution to a long-time problem.