The exploit takes advantage of the ability to secure videos using what is called a Coder/Decoder (CODEC) routine. This is a bit of computer software that provides a way to encrypt and decrypt the video, so that video producers can secure their own content. However, a CODEC is simply a bit of software that frankly can do anything. Because the video the thief texts you specifies the CODEC it needs, as the video is received by the device, the CODEC is downloaded and installed as well - all of this without any security checks, and without asking the user. The fact that Android allows any CODEC, gives it full access to the entire device environment, and does this in the background without your authorization or even your interaction, I find to be absolutely unacceptable.
before, and again, and again, and again, and again... Android is an inherently insecure mobile OS, because security is an afterthought, and wasn't built into it by design, at its core, like it was in iOS. If that isn't bad enough, to make matters much worse, the Android ecosphere is a mishmash of hardware manufacturers who have their own fork of Android that deviates from the main Google trunk. This means it isn't up to Google to get the update out for each device, it is up to the manufacturer. You can probably trust companies like Samsung, HTC, and LG. Probably. But how much, and how well will they do? And, if you have some other manufacturer, I can't even begin to say.
If that isn't bad enough, it has been proven that Android users typically go around with a 2-year-old OS (or older), and never download updates. That's right, you can have a brand new Android device, but the manufacturer forked Android 2 years ago (at the beginning of developing that hardware), and so the security you have is already 2 years old, out of the box. Another NPR article in the past week entitled "Trying To Keep Your Data Safe? You're Probably Doing It Wrong" states that tech experts have completely different priorities on what it takes to keep you safe from hackers than the average non-expert. I completely agree with this article on every level - from the fact that the priorities are different, to the fact that tech experts put the number one priority on system updates (from the OS manufacturer) as the primary bastion against hacking. Nothing is even remotely as important as downloading the latest OS updates - whether for phone, computer, tablet, or car. (If you followed that last link, you found that Chrysler vehicles from 2012 onward with UConnect have an Internet IP address that hackers can use to gain control of the vehicle - and do anything they want, including shut the engine off.)
Further, recent news stories indicate Apple has hired several thousand employees with automotive experience, on a top secret project. Rumors abound, but the most likely is that they are either working on aftermarket automotive systems, or a new electric vehicle to enter into the automotive market. I cannot think of a better company to make cars incorporating computer technology than Apple. Who better to take into account computer security than one of the companies who helped create computers in the first place? And who better to lock that security to your digital world of smart phones, tablets, and notebooks? And who better to make it work seamlessly?
If this scares you, it should - you have a pulse. Do your research, and take action consistent with your findings. If it doesn't scare you, then go ahead and tempt fate. But when it comes crashing down on your head, and you have to jump through hoops because your credit is shot, your bank accounts raped, passwords stolen, and your entire real life ruined by the digital access to it - you only have yourself to blame for your choices.
(As an aside, if you are an Apple developer, iOS has done simple things like provide access to advanced technology through Kits - or libraries that give developers functions to call that make it easy to write apps to do advanced things. But the Kits are secure, and allow the device user to control which apps have access to which functions - the camera, microphone, photos, Internet, etc. And, by default, apps cannot connect to insecure Internet connections; they must use encrypted SSL connections. If the app needs to make an insecure connection, the developer has to "jump through hoops" by adding exceptions to the app for specific web addresses, so that only those addresses are allowed to be communicated with over insecure, non-SSL sockets.)
What can Congress do about this? Nothing. As you are well aware, Congress is a set of selfish, greedy lawmakers who have lost all touch with their constituency, and are at the behest, beck and call of lobbyists. If they do eventually get around to doing anything, all they can do is pass a bill - and nothing they could do would have an impact, as it would be too little, too late. This technology is out now (has been for years), and the vulnerabilities exist now. It's up to you to safeguard yourself and your family.