This post was updated at 4:14 p.m. ET. It’s being called Stagefright, and it affects versions 2.2 Froyo and newer of the OS.
Advertisement
There’s a lot of Nexus rumours floating about, and with two phones rumoured to be launching it’s no wonder. Google has had months to write a patch and already had one ready when the bug was announced, but as expected, getting the patch through manufacturers and carriers was complicated and hard.
Black Hat 2015 For those of you anxious about the Stagefright flaw in Android, be reassured, a patch will be coming down the line in the next few days.
During the process, however, the user is completely vulnerable to whatever very bad security flaw is making the rounds because the carrier has to ensure that whatever terrible bloatware they’ve bundled in with Android devices isn’t rendered inoperable by a bug fix. This indicates that the code running on your device hasn’t been changed or corrupted and it comes from a trusted source. It’s the software version of open heart surgery.
We are working with carriers and device vendors to design solutions to protect users that do not now have Zimperium zIPS on their phones.
Clearly there’s a difference of opinion.
It’s the simplicity of Stagefright’s attack that has caused Google and Samsung to spring into an action that should have been taken long ago.
Are you a Nexus owner?
Google said that they have contacted and passed on the solution for the bug that was found in their operating systems to other mobile manufacturers. Fortunately, it looks like Android device makers aren’t asleep at the wheel.
– Sony: Xperia Z2, Xperia Z3, Xperia Z4, Xperia Z3 Compact.
The first of these updates has already started and aims to fix the Stagefright security issue.
Nexus 5 2013 is made by LG Electronics and has been well-loved and accepted by many Android users. “It now exists. This is really a watershed moment for us as an industry”. But whether they act on that information is not in Google’s hands. It’s just that the company will get the update rolled out sometime this week.
Bryan Glancey, a security researcher with Optio Labs, used to work for Samsung.
“Device fragmentation is not the only challenge that developers face when building for Android, as the operating system itself is extremely fragmented”, the firm said.
Advertisement
Now Google’s Android partners including Samsung, LG, Motorola need to follow to implement a similar regular updating process to make sure Android is save for its customers. An attacker needs only to know the victim’s phone number.
