Almost 3 million Android devices are vulnerable to man-in-the middle-attacks that could turn over full control of the handsets to hackers. The attack hits at root level and sends device information and more to a server in China, and to two domain names that were hard-wired into the affected handset's firmware. BitSight Technologies registered the two domain names and control them.