Almost every Android phone can be p0wned by sending it a text. Many of them can be p0wned completely silently, and in most cases, you don’t have to interact with it – as soon as you look at the text, your phone is theirs.
This goes back to Android 2.2, inclusive. It’s a whole set of disastrous security holes, all in one platform. That whole Windows thing I posted about earlier is nothing compared to this. Nothing. This is an unmitigated disaster.
I mean, I’m looking at this from a security environment and just… how do you even fix this? Aside from the fact – fact – that Android phone manufacturers are absolutely infamous for never rolling out OS updates, much less security updates, the sheer number of pending p0wned devices – around one billion – kind of boggles the mind.
The only good thing about it is that battery life and screen breakage will retire most of these devices sometime over the next three years. That’s how long this will echo around, because we can reasonably assume the patch rate will be negligible.