Security on Android has always been a hotly debated topic. While Google has done its fair share to curb this menace, there’s no denying that hackers are still finding ways to find security loopholes on Android.
The co-author of Android Hacker’s Handbook and a security researcher at Zimperium, Joshua Drake mentions that the Hangouts application on Android has a massive loophole which allows any malware attacked to be masked in a video, without the users notice. The user doesn’t even have to open the message and the malware would creep in anyway.
The way it works is that a malware code is built into a short video and sent over to the target. And by default, Hangouts would auto-download that video so that the users are able to watch the video later at their convenient time. This is where the malware makes its way to the device, ultimately gaining access to the storage, camera and even the microphone.
Thankfully, Drake has seemingly sent out the full details of this security bug to Google, which means that a patch should be on its way soon. But even then, a patch cannot be sent out to all Android devices simultaneously as Google only has control over the Nexus devices.