Almost one billion Android devices are affected by a serious security flaw which can give attackers access to all data and hardware, including the camera.
The vulnerability, dubbed ‘Quadrooter’ was flagged by researchers from Check Point, an international cyber security company.
It affects all devices which use a Qualcomm chip – thought to be in around 900 million phones and tablets.
Michael Shaulov, head of mobility product management at Check Point, told tech news website ZDNet two weeks ago of his frustration.
He said: “No-one at this point has a device that’s fully secure. That basically relates to the fact that there is some kind of issue of who fixes what between Qualcomm and Google.”
An attacker would have to dupe a victim into installing a malicious app on the phone, by sending them a link to download, for example.
The app would not require special permissions, allowing a hacker ‘root’ access.
That means they could see all data and use the camera and microphone.
Qualcomm says it has issued a patch which Google will release next month in its monthly fixes update.
Nexus devices will get it first with other manufacturers expected to follow suit a few days later.
The list of popular affected devices includes but it not limited to, BlackBerry Priv and Dtek50, Google Nexus 5X, Nexus 6, Nexus 6P, LG G4, LG G5, LG V10, Sony Xperia Z Ultram, HTC One, HTC M9, HTC 10, Blackphone 1 and Blackphone 2.
Apple, BlackBerry, Google, HTC, LG, Microsoft, Motorola, and Samsung were all sent letters by America’s Federal Communications Commission and the Federal Trade Commission earlier this month as part of an investigation into how and when they create fixes.
The agencies do not believe patches are created quickly enough, leaving smartphone users vulnerable, ZDNet reports.
A Qualcomm spokesperson said: “Providing technologies that support robust security and privacy is a priority for us.
“We were notified by the researcher about these vulnerabilities between February and April of this year, and made patches available for all four vulnerabilities to customers, partners, and the open source community between April and July.
“We continue to work proactively both internally as well as with security researchers to identify and address potential security vulnerabilities.”