Do you remember when the Heartbleed virus scared the heck out of computer owners last year? And then iPhone owners were also vulnerable to hacking through text message earlier this year? Well, it is the turn of Android users to be paranoid as a cybersecurity company goes public with a detected flaw in the heart of the platform’s system called Stagefright. Around 95% of Android smartphones is vulnerable to hacking through a picture message that can be sent through MMS.
According to Zimperium, they found out this flaw, which is found in the “deepest corners of Android code” and sent out a warning to Google immediately, saying that this can affect all smartphones that use Android software from the last five years, starting with Froyo up to the current Lollipop. Because Android automatically processes incoming messages even before you open it, a malware-laden file can already start infecting a device as soon as the message is received. And unlike the iPhone hack that just freezes their gadgets, this hack can actually gain control of your whole smartphone, going as far as accessing your apps, turning on your camera, or even wiping your device clean.
They warned Google last April 9 and the tech giant acknowledged the vulnerability and said they will immediately issue a patch to clear this. But until now, 109 days later, no fix has been issued and so Zimperium decided to go public. Google has also no way of pushing out a fix themselves, as they have to go through the smartphone makers or the carriers to issue patches, so how fast everyone involved in this will respond is the key.
Google said that they have already sent out the security patch to its partners, and reiterated that Android can actually limit hackers’ access to separate apps and phone functions. But as we’ve seen in the past, determined hackers can actually get past these limitations. So Android users will now have to adopt a cautious wait and see attitude towards this whole thing and hope against hope that their device will not be infected with Stagefright.
So why in hell are the device companies and the carriers not updating our phones with the patch?