INDIANAPOLIS (WISH) — Cyber-security experts are calling a newly revealed Android flaw “likely the biggest ever discovered.” The flaw could allow hackers to wipe your Android device or even secretly turn on the camera.
New research suggests nearly a billion Android phones are capable of being hacked simply by receiving a picture via text. It affects 95-percent of the Androids in use today and you don’t even have to open the message for the malware to download.
That’s because of the way Android phones analyze incoming text messages. Even before you open a text, the phone automatically processes incoming media files, including pictures, audio, and video. Once that happens, the bug allows hackers to take full control of all device functions, including access to apps, the camera, and even wiping the device clean.
In a statement to CNN, Google acknowledged the flaw. It assured that Android has ways of limiting a hacker’s access to separate apps and phone functions. Yet hackers have been able to overcome these limitations in the past.
Zimperium, the company that identified the flaw, says it told Google about it in April and even provided a fix. The company says Google responded the very next day, assuring a patch was on the way.
A 90-day grace period is typical for issues like this, but Zimperium says 110 days have now passed, so they’re going public with the issue.
Google told CNN that it has sent a fix to it’s partners, but it’s unclear the message is getting out to users.
The problem is Apple can instantly push out updates to all iPhones if an issue ever arises, but Google can’t do that. Google has to work with their phone carriers, like AT&T and Verizon, and the makers of the devices, like Samsung, in order to reach users.
Longtime hacker and cyber-security expert Chris Wysopal told CNN “I’m interested to see if Google comes up with a way to update devices remotely. Unless they can do that, we have a big disaster on our hands.”