Security Flaw Puts Android Phones, Tablets At Risk

Follow CBSMIAMI.COM: Facebook | Twitter

MIAMI (CBSMiami) - A major security flaw involving Android cell phones or tablets has the potential of giving hackers access to hundreds of million of users' personal data.

And all it takes is on text message with a video attachment containing malware. The user doesn't even have to open the text or play the video to be infected. This vulnerability is being referred to as 'stagefright', named after the Android software that reads media files.

The problem is with how Android reads video embedded in a text message. Some text messaging apps, like Google's Hangouts, may read the video file before you open it and thereby infect you before you even know you got a text.

Once the text message goes through, a hacker can copy or delete data from the phone or access the microphone and camera to spy on you. Android researcher Joshua Drake of the security firm Zimperium made the discovery. He said he informed Google, the company behind Android, of the issue back in April.

In a statement, Google said it would be sending out a fix to all of its partners, but there's no word on when that would happen and when it would be available as an update download.

Until then a South Florida cyber security expert says the best thing to do until the issue is resolved is not open text messages from unknown individuals.

"If you don't know where it's coming from, don't open it. Same thing on your computer. A pop up box comes up, don't be clicking on it," said cyber security researcher Gregory Hanis.

Drake said so far hackers have not exploited the flaw but that doesn't mean they won't if and when they discover the vulnerability.

It's estimated that more than 950 million Android phones and tablets are at risk.