An Android vulnerability exists on 99 percent of their handsets, allowing hackers to modify applications on the phone for their own illegal uses. Hackers can steal data, look at information, or even take control of a phone's operating system while remaining undetected, according to reports.
The flaw in Android's operating systems was discovered by San Francisco security firm Bluebox, who discovered that the mistake in the programming goes back even to Android version 1.6, or Donut. The system is hardly ever used anymore, but he vulnerability remained and was revealed Wednesday by the firm.
"Depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet," they wrote in the blog post, pointing out that over 900 million devices could be affected.
"The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone … make arbitrary phone calls, send arbitrary SMS messages, turn on the camera," the blog post continued.
The vulnerability has been dubbed Android security bug 8219321, according to Bluebox Chief Technology Officer Jeff Forristal. The security firm will showcase its findings more thoroughly at the Black Hat USA security conference in Las Vegas in later July, ComputerWorld reported.
Some manufacturers are taking matters into their own hands already. Samsung's flagship handset, the Galaxy S4, was recently updated with a fix for the issue, making it the only Android smartphone that is now invulnerable to the flaw, Forristal confirmed to CIO.
Google, who manufactures its Nexus line of smartphones and tablet, was notified of the flaw in February, but has yet to issue any fix for their devices.