Millions of Android phones are at risk of being hacked after security flaws were found in their microchips, researchers claim.

Speaking at a hacking convention in the US, computer security firm Check Point announced that it had found a bug - which it has called QuadRooter - that could affect up to 900 million Android phones.

Vulnerabilities in the processor chips made by US firm Qualcomm are used in phones made by BlackBerry, Google, and LG among others.

However, there is no evidence that the issues have yet been used by cyber criminals.

The alleged weakness is linked to the code that controls communication between different parts running inside a phone, and is believed to already be the subject of a fix or "patch" being built by Qualcomm to remove the issue.

According to Check Point, if a "malicious app" installed on the phone was able to exploit the vulnerabilities, it could "give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them".

The chip maker is yet to officially comment on the issue.

Check Point also suggested that the Android platform as a whole - which is open to dozens of different manufacturers and software developers - was part of the issue, with updates taking too long to pass through the system.

This situation highlights the inherent risks in the Android security model. Critical security updates must pass through the entire supply chain before they can be made available to end users.

A spokesperson for Check Point

How can I keep my phone safe?

  • Ensure your phone's software is up to date, especially security updates.

  • The free app, QuadRooter Scanner, can be used to check whether a user's phone is at risk.

  • Do not download apps from outside of trusted app stores.

  • Understand the risks of rooting your phone ( a means of unlocking the operating system so you can install unapproved apps, update the operating system, customise anything, etc).

  • Examine app installation requests and make sure they are legitimate before accepting them.

  • When installing apps read permission requests carefully.

  • Use trusted wi-fi sources.