A recent discovery showing how an Android device can get infected by receiving an image via a text message is one of the biggest security flaws ever discovered. Currently, it affects approximately 95% of all Android devices in the market i.e. about 950 million mobile devices. Mobile phones process all incoming media files prior to you opening a message. Such media files include videos, audio and pictures. Zimperium, a cyber security firm with a specialty in mobile phones, states that an infected file can start affecting your Android device as soon as a message is received if the message has a malware-laden file.
A NEW MAJOR ANDROID SECURITY FLAW
This Android flaw might sound familiar because it resembles the recent Apple text hack. In the Apple text hack, a received text message with just the right kind of characters would force an iPhone to restart or freeze. The Android security flaw is more severe than the iPhone bug because a hacker can fully control your device at his or her peril. A hacker could switch on your camera without you being aware of it, access your applications or even erase all your phone contents.
In a recent statement to CNNMoney, the developers of Android OS i.e. Google acknowledged the security threat. The company assured users that the operating system has ways of restricting a hacker’s access to the various phone functions and installed applications. That statement notwithstanding, hackers have in the past been able to bypass some of the limitations imposed by Google.
According to Zimperium, this bug affects all Android mobile devices manufactured in the last five years. They include mobile phones running Froyo, Gingerbread, Ice Cream Sandwich, Jelly Bean, KitKat, and Lollipop. Zimperium said it warned Google of the flaw on April 9th and even went further ahead by providing a fix. The Cybersecurity firm claims Google responded to them the next day saying a patch would be released for its customers in the future.
Companies are usually given 90 days to iron out such flaws. Google is well aware of this 90-day grace period and often abides by it. However, it has been 109 days, and the company has not yet released a patch. That is the main reason Zimperium is going public with this news. The concern now is how quickly Google will fix this flaw for all Android users. Unfortunately, Google can’t push updates to Android devices as compared to Apple, who can do that.
Google is infamous for having a splintered distribution system. The release of new software is buoyed with so much red tape due to the numerous entities standing amid the tech company and its users. Phone manufacturers such as Samsung and the various phone carriers in the market like Verizon and AT&T need to work collectively to issue updates.
Google talked to CNNMoney stating it has already released a patch to its ”partners.” It is, however, unclear if the ”partners” have started pushing out the updates to the millions of Android users worldwide. It is for that similar reason that the Nexus phones, made by Google, were the first in line to receive the patch.
Such bureaucracy is the core reason why it’s vital to receive any software updates speedily. Chris Wysopal, an executive at cybersecurity company, Veracode, and a longtime hacker termed this flaw as Android’s version of Heartbleed. Heartbleed is a devastating bug that posed a serious security threat to millions of computer servers and networks last year. Chris said, ”I am waiting to see if Google will come up with a way of updating devices running on Android remotely.” ”Unless Google can do that, we have a serious catastrophe on our hands.”
If you’re cheap and don’t like privacy and also love to share data with shady hackers, then an Android phone is the right choice for you. If you prefer a nice user experience and a quality phone then youre better off buying an iPhone