Insecurity experts have uncovered a flaw in a component of Android which they can be exploited to gain control of the phone.
CrowdStrike said they have figured out how to use that bug to launch attacks and take control of some Android devices. They apparently are going to demonstrate their findings next week at a major computer security conference in San Francisco.
The idea is that an attacker sends an email or text message that appears to be from a trusted source, like the user's phone carrier. The message urges the recipient to click on a link, which if done infects the device.
Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike said that at that point, the hacker gains complete control of the phone, enabling him or her to eavesdrop on phone calls and monitor the location of the device.
Google is saying nothing at the moment. But Alperovitch said that smartphone users need to prepare for this type of attack, which typically cannot be identified or thwarted by mobile device security software.