Gaping hole in Android

All it takes is a single text message and a hacker has control of your phone – and the fix Google has promised to rush out might come too late.

Millions of smartphones could be at risk because of a flaw in Stagefright, a module in the Android operating system that enables phones and tablets to display movies and other media.

The fear is that a video could be used to deliver a malicious program that, once processed by Stagefright, would allow an attacker full access to your device.

“The hacker can do anything with that phone. He can upload spyware and the user won’t know,” cyber security specialist Danny Myburgh said.

The device’s cameras and microphones could be switched on, and personal messages read.

Google SA spokesman Mich Atagana said that the tech giant planned to release software that would patch the security breach next week.

But cyber expert Jacques van Heerden said it often took several months for software releases to reach phones.

“Updating is always a problem. It can take two to three months because Google passes the new code on to the device manufacturers for distribution to their users.”

Van Heerden said that older models of phones often did not update automatically. “You need to do it manually and that is not easy for a user,” he said. Android is the most popular operating system for smartphones in South Africa, running more than half of them.

There have been no reports of the Stagefright vulnerability being exploited by hackers so far.

But cyber security experts say that state intelligence agencies have been using such vulnerabilities in phones to spy on people.