Google warns of Android flaw that lets attackers hijack phones

The root exploit is in the wild now, but fixes are on the way.

Sponsored Links

Jon Fingas
March 22, 2016 12:24 PM
Google warns of Android flaw that lets attackers hijack phones

Rooting (that is, using a security flaw to gain control over an operating system) is a staple of the Android enthusiast world, but it's also used by would-be attackers... and Google just offered a textbook example of this problem. It's warning of a vulnerability in Android's Linux-based kernel that lets apps get root access, giving intruders free rein over your device. And this isn't just a theoretical exercise -- Zimperium (which discovered the Stagefright bug) says it has spotted publicly available apps that make use of the hole.

The good news? Fixes are coming quickly, at least for some users. If you're using the AOSP version of Android, you can install a patch right now. You'll have to wait if you're using other releases, but a fix is coming in Google's next monthly security update, which hits April 2nd. The main concerns are that numerous Android manufacturers don't offer those updates in a timely fashion, or stop updating devices well before their useful lifespans are over. Even if you're running Android 6.0 Marshmallow, you might be exposed for months if your hardware maker isn't on the ball.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget