Security researchers have revealed two separate threats this week that they say could put up to 90 per cent of the world’s more than two billion smartphones at risk of password theft and stolen data and, in some cases, let hackers take full control of devices.

One vulnerability involves flaws in the way scores of manufacturers of Apple, Google Android and BlackBerry devices, among others, have implemented an obscure industry standard that controls how everything from network connections to user identities is managed.

The threat could enable attackers to remotely wipe devices, install malicious software, access data and run applications on smartphones, Mathew Solnik, a mobile researcher with Denver-based cyber security firm Accuvant, said in a phone interview.

Vulnerability allows malicious applications to trick software

A separate threat specifically affecting up to three-quarters of devices running older Android software has been unearthed by researchers at Bluebox Security of San Francisco. Dubbed “Fake ID”, the vulnerability allows malicious applications to trick trusted software from Adobe, Google and others on Android devices without any user notification, the company said.

“Essentially anything that relies on verified signature chains of an Android application is undermined by this vulnerability,” Bluebox said in a statement, referring to devices built before Google updated its core software late last year.

These risks could not be independently verified by Reuters. Solnik stressed that the threat to smartphone management software identified by Accuvant remained remote to average users.
