Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike, said he researched the problem to point out how mobile devices can be vulnerable to these attacks by hackers. It is the same MO used by hackers on desktop computers. First, find an unknown vulnerability in software, and then take advantage of it by sending malware that is activated via an emailed link or attachment. Alerovitch said, "With modifications and perhaps use of different exploits, this attack will work on every smartphone device and represents the biggest security threat on those devices."
The software used by CrowdStrike to simulate the flaw will attack those phones running Android 2.2, which is 28% of the Android market currently. Next week, the firm says it will have a version of the software that can attack another 59% of Android models, those running Android 2.3. The flaw in the software can be traced to the WebKit browser on the phone.
Back in 2009, a pair of researchers, sent malicious code via text messages on the Apple iPhone. Apple quickly repaired the problem after it was publicized. Hopefully for Android users, Google will be able to do the same.