Android mobiles are vulnerable to attackers sending maliciously-coded video messages, a US mobile security firm has said.
The multimedia messages could sidestep Android’s security measures and execute its code, with no required user interaction, to gain control of the phone and its devices.
The message could delete itself before the user sees it, the Zimperium zLabs Mobile Security researchers found.
Ways to protect against the attack for most devices are unknown, technology news website TechCrunch has said.
The hack is being referred to as Stagefright, which exposes 95 per cent of Android devices, Zimperium said.
Zimperium researcher Joshua Drake has sent patches to fix the bug to Google, who make the Android operating system, but they have yet to be approved.
The updates will also need to be installed via over-the-air updates by device manufacturers, which could take some time for some phones.
Google said it is investigating the issue and has already sent out patches to its partners.
"The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device," the company said in a statement.
"Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device."
