Over 950 million Android devices are in danger of being hacked through the security vulnerabilities discovered by Joshua Drake of Zimperium Labs. An estimated 95% of smartphones and tablets are susceptible of ?Stagefright,? a process of gaining remote code execution privileges merely by having access to a mobile number. So everyone might have something to think about when they give away their number.
The alarming thing about ?Stagefright? is that it is vulnerable to anyone, that even the most high-profile Andorid user is susceptible of the attack. Zimperium states that ?Stagefright? is a media library that processes several popular media formats. They explain that since media processing is often time-sensitive, the library is implement in native code (C++) that is more prone to memory corruption than memory-safe languages like Java.
So how vulnerable is Android? According to Drake?s research, he found multiple code execution vulnerabilities that can be exploited using various methods, the worst of which requires no user-interaction. This makes ?Stagefright? the biggest Android vulnerability discovered to date. And for those Android versions prior to Jelly Bean, they are at a greater risk of being hacked.
Drake briefed Google, the creator of Android, about the vulnerability advising them that ?all devices should be assumed to be vulnerable.? International Business Times reported that Google makes only a fraction of the devices that use Android, so it is up to Google’s manufacturing partners to send out updates containing the fix to their devices.
?Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device,? Google told Fortune.
Last month, 600 million Samsung phones were also deemed to be in danger of malware attacks. The lapse, which is present in Samsung?s high-end smartphones, can affect models like the Galaxy S6, S5, S4, and S4 Mini. NowSecure, a security firm, shared that the lapse in the South Korean smartphone?s keyboard software Swiftkey, which has access to all the software in the phone, can be used to gather personal messages, pictures, and even operate phone camera if connected to a Wi-fi network. The bug can also install unwanted or malicious apps in the phone, and gather other sensitive information from the Android device.