Trustlook has published its findings, and they are not pretty. A massive number of smartphone makers either use Chromium’s V8 engine for their Web browser or install Chrome as the default. So by market share and using Chromium-based browsers alone Samsung, LG, Huawei, Sony and Motorola are most affected.
The exploits include access to SMS, contacts, location, camera and microphone, credit card wallets and passwords. It specifically targets Messages, Facebook, Gmail, and Twitter.
"Since many phones are not using the most current browser software, I expect this zero-day attack will be used widely by hackers," said Allan Zhang, chief executive and co-founder of Trustlook. "Users should run a quick scan of their phone and update their browser if they are affected."
In Australia, Trustlook has identified 8.26% of sampled devices are infected. iTWire has tried to verify Trustlook’s claims, and they appear legitimate – the sky is falling although we are not sure how widespread it is.
Hackers primarily use socially engineered emails and SMS to encourage users to click on a link. The device continues to operate without visible signs of infection.
The vulnerability can be identified by Trustlook’s app on Google Play.
The cure is being rolled out by manufacturers but given Android's fragmentation and the number of older versions in use, it is unlikely to be useful except for late-model smartphones. Until then extreme care is advised for older handsets – don’t follow links in emails and SMS.