SAN FRANCISCO -- As many as 950 million smartphones and tablets could be taken over by hackers through any of six critical vulnerabilities recently found in the Android operating system. Through these vulnerabilities, hackers are capable of taking over devices by simply sending them photos or videos containing malicious code.
The vulnerabilities were discovered by Joshua Drake of Zimperium zLabs, a mobile security firm, who told Forbes that for some devices, hackers can take over the phone without requiring a user to open or view the malicious message. All hackers really need are a list of Android phone numbers and they could start infiltrating devices.
If a hacker exploits these vulnerabilities, he or she could use the device to record video or audio, look at photos on the device or even take over the gadget's Bluetooth function. For some devices, like the Samsung S4 or the LG Optimus Elite, the vulnerabilities can be used to completely take control of the gizmo.
Drake informed Google, the maker of Android, of these vulnerabilities in April. Google has sent out patches for the software, but Drake advices that "all devices should be assumed to be vulnerable." That's because Google makes only a fraction of the devices that use Android, so it is up to Google's manufacturing partners to send out updates containing the fix to their devices. For now it's unclear which Android manufacturers have updated their smartphones and tablets.
“Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device,” a Google representative told Forbes, adding that all devices should receive a patch in the coming weeks or months.