Quite possibly the worst Android bug that's ever existed has been discovered. It could mean the end for you smartphone.
All an attacker would need to remotely access your smartphone is your phone number.
The weakness comes from a part of the Android OS called Stagefright. The problem is so integral that is can affect 95 per cent of Android devices.
The attack is so efficient that it can be sent via an MMS. You don't even need to open it and may only see the notification of its delivery before your phone is no longer yours. Perhaps the most worrying part is that you can continue to use your phone without realising there is a trojan in there with access to everything.
The problem comes from Stagefright. This part of Android is responsible for media players. Since these are time-sensitive processes the code used is native C++ which is more prone to memory corruption than memory-safe languages like Java.
Any Android device equipped with Froyo 2.2 or newer are vulnerable, meaning most.
Google has already been informed and has applied a patch to help add some protection but it's far from ready. Some devices will require an OTA firmware update to be fully protected – something which usually take a very long time to reach all users. If your device is older than 18 months it'll likely not receive an update at all.
You can contact your handset manufacturer to find out what's being done for your protection, or just wait until an update gets released.
Google has since sent Pocket-lint a response:
"This vulnerability was identified in a laboratory setting on older Android devices, and as far as we know, no one has been affected. As soon as we were made aware of the vulnerability we took immediate action and sent a fix to our partners to protect users.
"As part of a regularly scheduled security update, we plan to push further safeguards to Nexus devices starting next week. And, we'll be releasing it in open source when the details are made public by the researcher at BlackHat."