It's been a rough few weeks for Android, at least as far as security issues are concerned. Just a few days ago we told you about the banking Trojan that was targeting Android users, and how ransomware is now hitting Android smartphones and tablets. And now, there's another security issue you need to know about.
News began surfacing yesterday about a flaw that has been found in mobile processors made by Qualcomm, and these processors are used in around 60 percent of Android devices. The flaw has also been linked to Android's mediaserver and to security issues with Qualcomm's Secure Execution Environment, or QSEE. It is being distributed by malicious apps.
This new flaw is quite alarming, and makes it possible for hackers to take over a phone or tablet.
Remember last year when we told you about the Stagefright flaw? It was a huge flaw that put nearly 1 billion Android smartphones at risk for hack. It was so bad that it prompted Google to start issuing monthly security patches for its security holes.
Researchers at Duo Labs are concerned that this new vulnerability is similar to that. However, where hackers could remotely take over your phone with Stagefright using just your cellphone number, this new flaw is being distributed by a malicious app.
Still, anything resembling Stagefright is alarming. It originally began with a text message that was carrying a malicious payload. It later evolved to the point where the text message was no longer needed, and the malicious code was installed on your device from an application download.
Stagefright spread rapidly and was difficult to stop because it exploited a vulnerability that was deep inside the Android operating system itself. It used Android's mediaserver as its avenue for the attack, since the text message or downloaded app would typically infect the device by playing a video.
That's what has researchers so concerned. This new flaw makes it possible for hackers to exploit a similar vulnerability.
Google was quick to issue a patch for this flaw, but that doesn't mean all Android users received it. In fact, according to Duo Labs, one out of every 200 Android users are still at risk.
This is because of the age-old problem that Android users face. Many Android users are still running older versions of Android operating systems that no longer receive regular updates.
If you have the current version Android 6 Marshmallow, the latest patch is typically pushed directly to your phone during the regular updates provided by your carrier. But, if you don't have the most recent version of Android, you'll need to take alternative steps for securing your device.