Can Android Phones Be Hacked? All It Takes Is One Malicious Text Message, A Security Firm Says

Looks like a bad news for Android users as just one text message is all that it takes for hackers to gain control of an Android phone.

Mobile security firm, Zimperium, has taken the lid off a flaw that leaves a staggering 950 million gadgets vulnerable to attack.

With nearly 95% of Android devices exposed to attack, Google reportedly has a fix for all Android makers, however, there is no confirmation on it will release a patch.

If the delayed releases of Android updates are anything to go by, this apparently could take quite some time, CNet notes.

The glitch dwells in the media playback tool built into Android dubbed Stagefright. Taking advantage of this flaw is a walk in the park for malicious hackers as all they need to do is send a Stagefright multimedia message containing malware to an Android device to gain complete control over the handset and easily steal any personal data such as credit card numbers on it.

The hacker can simultaneously hijack the affected Android phone's camera and microphone, among other vile actions.

This makes this flaw the most threatening Android security hole discovered so far. It can affect Android version 2.2 and on. Further making things worse, a hacker can delete the message even before a victim has a clue, says Joshua Drake, Zimperium zLabs' president of research and exploitation.

Explaining what makes these flaws even more dangerous, Drake wrote on his company's blog that "These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited."

Unlike spear-phising, this malware does not require any action from the victim, and what's even worse is that the attacker can remove any traces of the device being jeopardized. The unaware Android users will continue their day as any other, but their phone is already carrying a trojan virus, Drake noted.

Within just 48 hours after Drake reported the serious flaw and potential fixes to Google in April and in May as another set, the search engine giant "acted promptly and applied the patches to internal code branches."

"The security of Android users is extremely important to us," a Google spokesperson said in a statement provided to CBS News, noting that the company responded immediately and provided "patches that can be applied to any device" to partners. Moreover, most Android devices along with all newer devices feature multiple technologies designed to make exploitation a challenging task for malicious hackers.

For those who help maintain the security of the system by reporting any flaws, the Web giant offer reward programs. Google applauded the contribution of Zimperium researcher Joshua Drake, who identified and reported the Stagefright vulnerability.

That said, despite the security patch being available, Drake noted that several users could still be at risk as only 20 to 50 percent of Android devices that are currently in consumers' hands will get the updates as a result of vendors slow reaction.