Alert Priority High
29 July 2015

Security researchers have uncovered a vulnerability they claim exposes 95 percent of Android phones to malicious individuals who simply need the user’s phone number to launch an attack.

The vulnerability is one of several the researchers discovered when analysing Android code and is believed to ‘critically expose’ an estimated 950 million devices worldwide.

The researchers state the vulnerabilities reside within the Stagefright media library that processes a range of media formats. The vulnerabilities arise because the library is implemented in a programming language relatively susceptible to memory corruption.

According to the researchers, the worst vulnerability allows attackers with an Android user’s phone number to execute code remotely using a multimedia messaging service file. In other words, attackers can access personal data and images on the phone. ‘A fully weaponised, successful attack could even delete the message before you see it. You will only see the notification,’ the researchers say. ‘These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited.’

Android devices from version 2.2 (Froyo) and later are believed to be vulnerable, with users of devices running Android versions before 4.1–4.3.1 (Jellybean) particularly at risk.

Google has reportedly issued a statement that says ‘The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device.

‘Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device.’

Staying safe

You are advised to apply patches immediately when they are made available. Meanwhile, you are advised to be wary of retaining personal information and images on your Android phone.    

More information

Stay Smart Online has more information here about updating software.