THE MILLIONS of people who use Android phones have been warned that a security flaw has been discovered which could allow hackers to take control of their devices through sending a simple text message.
Cyber criminals need only the target's mobile number to attempt to infect their smartphone with malware via a multimedia video file text, which could even self-delete before it's read.
Unlike traditional computer viruses, the text does not need to be opened or links clicked on for the invasive programme to infect the phone.
It allows hackers to remotely record audio or video, take photographs or access the victim's pictures or messages.
Joshua Drake, of Zimperium mobile security labs, said: "Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep.
"Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual with a trojaned phone."
Vulnerabilities within Stagefright, a media playback tool, have left an estimated 95 per cent of Android devices running Android 2.2 and up open to attack, the company said.
Technology firm Google has taken swift action to remedy the vulnerability after it was first flagged in April, but warned the process is likely to be lengthy due to all the required updates.
Users are recommended to contact their device manufacturer or mobile carrier to check whether their model has been updated with the required patches.
Google said in a statement: “This vulnerability was identified in a laboratory setting on older Android devices, and as far as we know, no one has been affected. As soon as we were made aware of the vulnerability we took immediate action and sent a fix to our partners to protect users."
However, Forbes has reported it appears that no single manufacturer has created a fix for its users thus far, while Google will be rolling out fixes for Nexus devices from next week.
"Smartphone manufacturers should take this as an opportunity to show how serious they are about defending the security of the customers who have already and deploy credible fixes as soon as possible," said David Kennerley, threat research manager at cybersecurity firm Webroot. "Something tells me this isn’t a story that isn’t going to go away anytime soon.”
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules here