Researcher Finds Massive Android Security Flaw Where 950 Million Users Are At Risk

Omar Sohail
Posted 1 year ago

Looks like Google’s mobile platform has been struck with yet another blow in the form of a massive Android security flaw. On this occasion, hackers are able to compromise a device simply by sending either an MMS or a multimedia file. After the Android device has been infected, it becomes an instant gateway for these hackers to gain access to the device’s microphone, camera, and external storage. On rare occasions, this vulnerability will allow hackers to gain root access to the mobile device, which will definitely cause a stir for millions of Android users.

Android Security Flaw Has Been Able To Get Patched By Researcher, Which Would Otherwise Spell Disaster For Millions Of Users

According to the latest report, the Android security flaw was found out by Joshua Drake, who is currently employed at Zimperium. According to the researcher, he states that:

“I’ve done a lot of testing on an Ice Cream Sandwich Galaxy Nexus… where the default MMS is the messaging application Messenger,” Drake said in an interview with Forbes. “That one does not trigger automatically but if you look at the MMS, it triggers, you don’t have to try to play the media or anything, you just have to look at it.”

Another source, PC World, has stated the following concerning the massive Android security flaw:


“The library is not used just for media playback, but also to automatically generate thumbnails or to extract metadata from video and audio files such as length, height, width, frame rate, channels and other similar information. This means that users don’t necessarily have to execute malicious multimedia files in order for the vulnerabilities found by Drake to be exploited. The mere copying of such files on the file system is enough.”

Thanks to the efforts of Drake, not only was the massive Android security flaw been found out, but a patch has also been developed by the gifted individual in order to curb the malicious activities of hackers. He had shared his findings with Google this April and upon receiving the valuable information, the tech giant expeditiously applied the fix to its internal Android code base.

Android Spyware Targets Government and Military Security Job Seekers

However, just because there has been a fix to alleviate the issue does not the mean the entire problem has been eradicated. According to the source, it is believed that only 5 percent of Android users will not be infected thanks to this security flaw, while the remaining 95 percent of individuals are still at risk. What is the total number of people that are risk? 950 million, and specifically those that are running obsolete versions of the platform (version 2.2 and onwards).

Drake will be unveiling his findings at the Def Con security conference that is going to be held in Las Vegas so we will keep you updated with the latest.

Share on Facebook Share on Twitter Share on Reddit