Yesterday we warned you that security researchers had found a way to weaponize the Android Stagefright bug, potentially putting 275 million Android gadgets at risk. The only upside to the news was that it doesn't affect the latest versions of Android, and it hasn't been seen in the wild yet.
However, there is another serious Android problem that is in the wild, which means hackers are using it to take control of Android gadgets. Let's look at what it does and how you can avoid it.
The threat is called a "rooting application." It's an app that uses a flaw in the Linux kernel that's at the heart of Android to gain root privileges. In computer terms, having root access means you can do whatever you want on the gadget.
Once the rooting application is installed, hackers can use the access to spy on you using the camera and microphone, read texts and emails, install other viruses or anything else they want. And because it's at the root level, getting rid of it isn't easy.
The flaw the rooting app exploits is found in any Android gadget based on Linux kernel versions 3.4, 3.10 and 3.14, which covers most of the newer Android gadgets. You can check your gadget's kernel version by going to Settings>>About Phone and looking under "Kernel version."
This rooting flaw was actually fixed in the Linux kernel two years ago. However, Android uses the Long-Term Support version of the kernel, which means it's way behind. The next versions of Android should use the 3.18 kernel or higher, which doesn't have the flaw.
Google has released a patch to fix the problem in current versions of Android and sent it to its Nexus gadgets, as well as to cellphone carriers and manufacturers. When the carriers and manufacturers will get the update pushed out to your gadgets is anyone's guess.
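For anyone checking more than one gadget, the kernel-version check above can be scripted. This is an added example, not code from the article or from Google: the device names and kernel strings are constructed, and the status labels are this example's own. A kernel string alone cannot show whether a manufacturer has applied Google's patch, so gadgets on the listed kernel versions are only flagged for follow-up.

```python
import re

# Kernel series the article names as carrying the flaw, and the first
# series it names as free of it.
AFFECTED_SERIES = {(3, 4), (3, 10), (3, 14)}
FIRST_FIXED_SERIES = (3, 18)

# First dotted version number in the string, e.g. "3.10.49" in
# "3.10.49-g1a2b3c4 (build@example) #1 SMP PREEMPT".
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)(?:\.\d+)?")


def kernel_series(kernel_string):
    """Return (major, minor) from a "Kernel version" string, or None."""
    match = _VERSION_RE.search(kernel_string or "")
    return (int(match.group(1)), int(match.group(2))) if match else None


def classify(kernel_string):
    """Map a kernel string to one of this example's status labels."""
    series = kernel_series(kernel_string)
    if series in AFFECTED_SERIES:
        # A patched build keeps the same series, so this means
        # "confirm the patch is installed", not "known vulnerable".
        return "affected-series"
    if series is not None and series >= FIRST_FIXED_SERIES:
        return "not-affected"
    # Unparsable string, or a series the article says nothing about.
    return "unknown"


def audit(inventory):
    """Group device names by status; inventory maps name -> kernel string."""
    report = {"affected-series": [], "not-affected": [], "unknown": []}
    for name, kernel_string in sorted(inventory.items()):
        report[classify(kernel_string)].append(name)
    return report


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = {
    "phone-a": "3.10.49-g1a2b3c4 (build@example) #1 SMP PREEMPT",
    "phone-b": "3.4.0-perf-g5d6e7f8",
    "tablet-c": "3.18.20-g9a8b7c6",
    "phone-d": "3.0.31-g0000000",
    "phone-e": "",
}

if __name__ == "__main__":
    for status, names in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(names) or '-'}")
```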
So, what can you do while you wait?
How to stay safe
The good news is that the rooting app won't be found in the Google Play store. Google specifically scans for apps like that and blocks them. The only way to get it is through third-party app stores.
Even if you don't frequent third-party app stores, you might get an email or text phishing attack that tries to trick you into downloading and installing the app. You can minimize this risk by going to Settings>>Security and unchecking "Unknown Sources." Your gadget will now refuse to install apps that aren't from the Google Play store.
Google also claims that its Verify Apps feature in Android will detect and stop known rooting apps from installing. However, there might still be unknown ones lurking out there.