At least 22 cellphone models using the Android platform had bugs that allowed the devices to be unknowingly hacked, according to Department of Homeland Security-backed research. The vulnerable devices are made by some of the largest cellphone manufacturing companies in the world, including Oppo, LG and Vivo.
Millions of phones were vulnerable across the world and it is unclear how many devices have been patched.
The flaws discovered by Kryptowire, a mobile security company based in Virginia, can make two-factor authentication and passwords seemingly useless.
On the G6 phone manufactured by LG, users could be locked out of their device and have their command history stolen. On the V7 phone manufactured by Vivo, a hacker could record the screen. And on the F5 phone manufactured by Oppo, an attacker could secretly record audio and take over the phone.