Researchers have discovered a bug in the chips used in more than 900 million Android phones that, if exploited, could give attackers access to a phone's settings, apps, camera and microphone.

The security team at Check Point found four vulnerabilities in the chip used in Android devices including the Samsung Galaxy S7, HTC 10 and Sony Xperia Z Ultra.

The flaw in the Qualcomm chip, which is used in 80 per cent of devices running Android, could give hackers the ability to add or delete apps to a victim's phone, access its camera, microphone and screen, or alter files that affect the way the phone works.

Although the researchers haven't found evidence of cyber criminals exploiting the bug, they believe it could be used within the next three to four months.