The Stagefright vulnerability is likely the biggest Android security scare we have seen in a few years. And of course, this exploit leaves 95% of all Android users susceptible to attacks, which could easily be triggered by using a simple MMS message.
We know Google is working hard to keep Android and all its services as secure as possible. Google’s lead Android security engineer Adrian Ludwig reminded us of a few ways the Search Giant keeps us safe from hackers, just some days ago. He then took the stage at cybersecurity conference BlackHat, where he specified what Google is doing to fix this specific weakness in the Android ecosystem. Let’s dig into the details!
Security updates pushing out today!
Ludwig mentions the MountanView-based company has started sending out security fixes to Nexus devices this Wednesday, something we reported on today. In addition, these improvements have been sent out to all partners, allowing manufacturers to send out their necessary OTA updates.
It shouldn’t take long before all major smartphones get the highly anticipated upgrade. Google states most popular phones should be ready in August. This would include devices like the “Samsung Galaxy S6 and S6 Edge, the Galaxy S5, the Galaxy Note 4 and Note Edge, the HTC One M7, One M8, and One M9, the LG G2, G3, and G4, Sony Xperia Z2, Xperia Z3, Xperia Z4, and Xperia Z3 Compact as well as all Android One devices.”
Android Messenger app also being improved
The main issue about the Stagefright exploit is that it required no user interaction. An attacker could gain control of your device without you viewing, downloading or interacting with the handset. Hell, you didn’t even need to pull it out of your pocket! This raised immense security concerns, of course, and Google has decided to do something about this, as well.
While it’s convenient to have MMS files automatically downloaded and displayed, such is never the safest route. In wake of these risks, Google’s official Messenger app is being updated and stripped of the ability to automatically download video files from MMS messages. Now the user will have to to click on a video in order to view it.
Of course, Ludwig goes on to talk about his awesome ASLR technology, which is said to protect 90% of all Android users from vulnerabilities like Stagefright. Regardless, it was important for these issues to be addressed, and we are glad Google took things seriously and fixed everything in a timely fashion. Now we can all take a breath and continue getting those memes from our friends!