NEW YORK — Almost a billion Android users could be at risk from a data breach involving one text message.
Joshua Drake, a mobile security researcher at ZimperiumzLabs told Forbes that six vulnerabilities have left 95 per cent of Google Android phones open to hackers. The bug could be one of the worst Android security holes to date.
The weakness is in Stagefright, a media playback tool in Android.
According to Drake, attackers only need your cell phone number to execute the hack. The hacker would then send a multimedia message (MMS) which allows them to write code to it. They can then access all areas of the phone where Stagefright has permission to use including audio, video and Bluetooth.
The Stagefright vulnerability has been assigned with the following CVEs: CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828 and CVE-2015-3829.
Drake says Androids below version 2.2 are not affected by the bug. Devices running Android versions prior to Jelly Bean are at the worst risk.
A spokesperson for HTC Corporation told Forbes that “Google has informed HTC of the issue and provided the necessary patches, which HTC began rolling into projects in early July. All projects going forward contain the required fix.”