Why 95 Percent Of Android Users May Be At Risk

As many as 950 million Android phones have been found susceptible to data theft after six critical vulnerabilities were exposed, a mobile security expert has warned.

The data theft attack, which can be initiated by a multimedia message sent to an Android phone, is so crippling that Android users would have a sparse chance of shielding themselves against the attack, Joshua Drake, vice president of platform research and exploitation at Zimperium, told Forbes.

For example, when the exploit code was run in Google Hangouts, it would start unpacking without even giving the user a notification to check the phone for the newly arrived message, Forbes reported.

The bug, which was reported and sent to Google by Drake, led the company to release patches to its partners, but apparently most phone manufacturers have yet to install the patches to safeguard customers — thereby, leaving over 95 percent of Google Android phones vulnerable to an attack.

The vulnerability was observed stemming from Stagefright, a media playback tool for Android that allows remote code execution to infiltrate the device and steal data using the permissions for Stagefright. Once the device has been hooked, the hacker could walk away with audio-video files, pictures stored on SD cards and even remotely control the device’s Bluetooth.

“I’ve done a lot of testing on an Ice Cream Sandwich Galaxy Nexus … where the default MMS is the messaging application Messenger. That one does not trigger automatically, but if you look at the MMS, it triggers, you don’t have to try to play the media or anything, you just have to look at it,” Drake said in an interview with Forbes.

And while Google has accepted the vulnerability reports and patches sent by Drake, it has yet to release some updates for its homemade Nexus phone, leaving the users at risk.

“Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device,” Google said in a statement.

To check out what else is HOT in the world of payments, click here.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.

Click to comment