A bug in the Android mobile operating system has been discovered by researchers, who say it affects nearly a billion devices. Researchers from US information security company Zimpherium said they believed it was one of the worst Android vulnerabilities to date, estimating that 950 million devices were affected.
Hackers were able to send malicious code within a multimedia message (MMS) that could access a service within Android called Stagefright, which could be invoked without requiring any action from the recipient. Once the service was exploited, other data and apps on the handset could be accessed by the malicious code.
Google said it had patched the problem, but millions of devices will remain unpatched as they await software updates from their hardware manufacturers or mobile operators. In a statement, Google said: "This vulnerability was identified in a laboratory setting on older Android devices, and as far as we know, no-one has been affected. As part of a regularly scheduled security update, we plan to push further safeguards to Nexus devices starting next week. And, we'll be releasing it in open source when the details are made public by the researcher at Black Hat."