A serious security flaw has been discovered in software used on tens of millions of Android devices that could give hackers complete access to the phone’s data.
The security vulnerability was discovered by Checkpoint researchers who were examining software running on processors made by Qualcomm.
Qualcomm, a U.S. based manufacturer, makes processors which are currently installed in around 900 million Android phones, the BBC reports.
Thankfully, there’s no evidence that these bugs have been used by hackers.
Michael Shaulov, head of mobility product management at Checkpoint, said:
I’m pretty sure you will see these vulnerabilities being used in the next three to four months. It’s always a race as to who finds the bug first, whether it’s the good guys or the bad.
Shaulov claims it took six months to reverse engineer Qualcomm’s code and reveal the bugs that allow attackers to gradually take control of a device and gain access to its data.
Qualcomm are believed to be working on patches to fix the bugs and have begun manufacturing patched processors to remove the vulnerability.
Patches are also being sent to phone makers and operators, although we don’t know if these companies have issued updates to customers’ phones yet.
The list of affected devices includes:
- BlackBerry Priv
- Blackphone 1 and Blackphone 2
- Google Nexus 5X, Nexus 6 and Nexus 6P
- HTC One, HTC M9 and HTC 10
- LG G4, LG G5, and LG V10
- New Moto X by Motorola
- OnePlus One, OnePlus 2 and OnePlus 3
- US versions of the Samsung Galaxy S7 and Samsung S7 Edge
- Sony Xperia Z Ultra