See the whole article from Check Point Software here.
Researchers at Check Point Software Technologies have identified a vulnerability in Android phones that could let hackers take over devices remotely, steal personal data and even turn phones into spying devices.
The "Certifi-gate" vulnerability takes advantage of preloaded apps that allow mobile carriers and manufacturers to remotely access your phone to troubleshoot problems.
Certifi-gate affects hundreds of millions of devices by top manufacturers running most versions of Android, including Lollipop, the latest and most secure version.
The vulnerability is based on so-called mobile remote support tools, apps that allow manufacturers or service providers to access phones to fix problems remotely. (Ironic, huh?) If you call customer service because you can't get an app to work, or your calendar won't sync, reps use these tools to take over, fix what's wrong and get you on your way.
These tools work by accessing small plug-in components that come baked into the operating system when you buy your phone. Certifi-gate potentially lets any app access those same plug-ins, giving hackers a way in.
If you unwittingly download a malicious app that targets the weakness -- an innocuous-looking flashlight app, say -- whoever made it can now connect to the innards of your phone without your knowledge.