Like the recent iPhone-frozen-by-text issue that was recently in the news, Android phones are now under threat from hackers, but this time around it could be much worse than a simple frozen phone. As has been reported by several news outlets, a new vulnerability has been discovered that could harm up to 95% of Android phones, and doesn't even require the phone's user to do something foolish like open an untrustworthy attachment.
Basically how it works is this: When you receive a text message on your Android phone, a media tool called Stagefright immediately begins analyzing it, even before you've gotten the notification for the message, let alone opened it. According to NPR, several common Android apps, such as Hangouts, use Stagefright to process videos before they are opened to prevent delays when they are. This means that a text message with a picture or video attachment that contains malware can infect your phone before you even realize you have received it.
According to Jose Pagliery of CNN Money, the bug, which was first discovered by Zimperium, a cybersecurity firm focused on mobile devices, can attack Android phones that have software that is less than five years old, which means that 95% of Android mobile devices are at risk. About 80% of all smart phones run on Android software, and over 1 billion Android devices have been shipped, so this is a huge risk in the overall market. One security firm rep even called it a "Heartbleed for mobile."
Interestingly, there is some intrigue about why this is becoming news now. According to multiple sources, Google was made aware of the problem a few months ago. Typically firms such as Zimperium give companies that have to deal with a vulnerability or weakness in their systems 90 days to fix it. That time period has passed, which is why Zimperium went public with the news, as a fix for the problem still isn't widely available. But that isn't really Google's fault.
The problem is that Android is an open system. Pagliery, in the same article, said that, "while Apple can push out updates to all iPhones, Google can't." He notes that Google is well-known for having a problematic distribution system for Android systems, where both phone carriers like AT&T or T-Mobile and the actual hardware manufacturers like Samsumg also have to act to update software and push out fixes, which, according to NPR, some manufacturers are already doing.
Zimperium has stated that there isn't any evidence that the vulnerability has been exploited yet, so hopefully the attention that this bug is now receiving will get efforts to create a real fix moving a little faster.