Massive Android Stagefright security flaw: Google and manufacturers respond
Zimperium recently revealed a security flaw in Android that exposes 95% of Android devices, which it said is close to a billion phones.
Named after the libStagefright media playback engine, the bug lets an attacker send their victim an MMS message that can run any program it wants to on your phone.
This makes it possible for an attacker to take over your smartphone and steal your private information.
Android and derivative devices after and including version 2.2 “Froyo” are vulnerable, said Zimperium.
Not as widespread as first thought
However, Google said that although the bug is serious, it does not affect as many devices as Zimperium suggested.
Adrian Ludwig, lead engineer for Android security, spoke at the BlackHat security conference recently and said 90% of Android devices have a technology called ASLR enabled, which protects users from the issue.
ASLR has been enabled in the default Linux Kernel since June 2005, and was added to Android with Version 4.0 “Ice Cream Sandwich”.
Android manufacturers respond
Google and Android device makers said that measures are being taken to release security updates more rapidly for the platform.
Google said its Nexus devices will now receive regular over-the-air updates each month focused on security. At the same time, the fixes will be released to the public via the Android Open Source Project.
Samsung also announced it will implement a new Android security update process that will fast-track the release of patches when security vulnerabilities are uncovered.
Alcatel said it will roll out a patch to deal with Stagefright, while Sony, HTC, and LG have said they will release patches in August.
More smartphone security news
Your Android smartphone can be hacked with one message
Massive Samsung security vulnerability: are you affected?
How to easily crash an Apple iPhone