Stage fright Exploit Getting Addressed on Mobiles

In April 2014, the world became aware of a serious issue: the Heart bleed Bug. This exploit could potentially allow hackers access to vast amounts of encrypted login information for numerous websites. In April 2015, iOS devices could fall victim to a purposely flawed SSL certificate that allowed hackers to put an iOS device into a permanent restart loop. In July 2015, another widespread exploit was discovered, this time on Android powered mobile devices: Stage fright.

The Stage fright exploit on Android OS platforms could allow hackers access to the phone, possibly being able to take data, crash apps or the device itself, or any number of ill effects. The iOS exploit could be broken through connecting to an unsecured WiFi point (connecting to which isn’t generally recommended). This Android exploit can come from receiving a video message through your phone’s text messaging app. By opening and playing the video, a process in the operating system called lib Stage Fright (hence the name) runs the video. Hackers could access the root of the phone through this process. What’s worse, if you use Google Hangouts as your means of texting, and receive the malicious video through there, Hangouts automatically starts processing the video as soon as it’s received, rather than when it is opened, so even if you know not to open videos from people you don’t know, it could still infect your phone.

Now, on to the good news. As of this point, there is no evidence to suggest that the Stage fright exploit is being used by black hat (malicious) hackers. Even still, this exploit dates back to the Android 2.2, meaning it could affect some 900 million phones. Google has created a security update patch that it has already rolled out onto its Nexus phones, but all other Android manufactures have to make their own adaptation of the fix for every carrier before sending the update to consumers. According to Google, even though the exploit exists, it asserts that customers weren’t really at risk because of how applications limit the access to phone functions.

Google also said they would produce security updates every month on their Nexus devices, continuing security patches for every device from for about 3 years from its release date, according to Adrian Ludwig, lead engineer of Android Security. Samsung, a major Android phone manufacturer, has also agreed to produce monthly security updates for its users. Google has also said that the most popular  android devices will have the fix sometime this month. Some phones outside of Nexus have already been patched, but it shouldn’t be too long before most others are. In the meantime, it’s probably best not to open any videos from people you don’t know.

Source:­stagefright­megabug­patch­nexus­ phones­samsung­android

Leave a Comment

Your email address will not be published.

Related Posts