Imagine this: A text message sent from, let's say, Hong Kong, can hack into 950 million Android phones across the globe.

Scary? Certainly is, and this is not a make-believe scenario but now a reality Android phone users worldwide must confront, reported Forbes.com.

According to Joshua Drake, a mobile security expert at Zimperium zLabs, Android phones have become vulnerable to attacks delivered through a simple multi-media text.

Drake said that there are instances wherein these "exploits" or attacks are silent and users don't have a chance to defend their data, making them one of the worst Android flaws to have been discovered.

He said that although Google has sent out patches to its partners, most Android phone manufacturers have not made these fixes available to ensure the protection of their customers.

"All devices should be assumed to be vulnerable," he added.

An Android media playback tool called Stagefright is at the heart of this weakness. All a hacker has to do is to send an exploit packaged in a Stagefright multimedia message (MMS), which would allow them to write code to the device and steal data from sections of the phone.

Once the hackers have gained access to the device, they could already record audio and video, snoop on photos stored in SD cards, and enable its bluetooth.

Drake also learned that when the exploit code was opened in Google Hangouts, it would "trigger immediately before you even look at your phone... before you even get the notification."

"I've done a lot of testing on an Ice Cream Sandwich Galaxy Nexus... where the default MMS is the messaging application Messenger. That one does not trigger automatically but if you look at the MMS, it triggers, you don't have to try to play the media or anything, you just have to look at it," he added.

The Zimperium security expert said that he had sent several vulnerability reports together with patches to Google as early as 9 April. So far, a total of seven vulnerabilities already have fixes.

Meanwhile, Google is working hard to ensure that Android devices will not be vulnerable to hacks sent through test messages, according to Cnet.com.

A Google spokeswoman has confirmed that their partner companies are now armed with the patches they will need to safeguard Android devices. However, she did not explain in detail the specifics how these changes will push through, or when they will take place.

"The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device," the Google spokeswoman said.

"Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device," she added.

At this point, Android phone users need to be more cautious, as the next message they receive may just allow the guy beside them to hack into their devices.