Security firm Check Point say they’ve discovered a vulnerability in the software that runs on chips made by the US company Qualcomm.
As one of the leading chip providers for tablets and smartphones Check Point believes that up to 900 million Android phones could be at risk.
The researchers discovered four key vulnerabilities which they’re calling QuadRooter. The flaws are believed to be located in the software that handles graphics processing and in the program that handles communication between different tasks running on the phone.
Among those affected the company say Google’s flagship range including the Nexus 5X, Nexus 6 and Nexus 6P are all at risk.
Other major smartphones include the HTC 10, LG G4, Moto X and all three versions of the OnePlus.
The BBC reports that the team of researchers spent six months reverse engineering Qualcomm’s code before finally finding the vulnerability.
However now its been discovered Check Point believe it’s just a matter of time before criminals take advantage of the flaw.
Michael Shaulov, head of mobility product management at Check Point said: “I’m pretty sure you will see these vulnerabilities being used in the next three to four months,”
Check Point have created an app for users to download via the Google Play Store which will then scan their smartphone and let them know if there are any of these vulnerabilities on their device.
According to Check Point Qualcomm has already started pushing out patches for the vulnerabilities to its phone makers and network operators.
It’s not clear yet how many phones have been fixed however the app should be able to help give users visibility over whether their phone manufacturer has pushed out an update to remove the flaw.