Hackers are able to send malicious code, hidden within a multimedia message, in order to access an Andriod service called Stagefright.
Hackers are able to send the code via MMS to access the Stagefright service, without any action from the recipient. After stagefright has been accessed other data and applications on the handset can then be accessed by the code.
The flaw has affected a massive array of mobile phones running Android version 2.2 and higher.
The issue has been defined as extremely dangerous, with researchers from the information security company Zimpherium stating that they believe it is one of the worst Android vulnerabilities noted to date.
“These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited,” commented the Zimpherium researchers. Google has stated that it has provided a patch for the problem after researchers contacted the organisation, however millions of devices still need their software updating.
“On some devices, the privileges at which this runs means an attacker could access all kinds of content on your device or access resources such as the camera,” commented the global head of security research at Sophos, James Lyne.
In a statement, Google said: “This vulnerability was identified in a laboratory setting on older Android devices, and as far as we know, no-one has been affected.
“As part of a regularly scheduled security update, we plan to push further safeguards to Nexus devices starting next week. And, we’ll be releasing it in open source when the details are made public by the researcher at Black Hat.”