There’s a lot of talk happening around the Android world regarding a security bug called ‘Stagefright’. For those of you who do not know what this is or what the bug does to your device, let us tell you. It is a remote code execution bug that hackers can use to attack Android devices.
Hackers only have to send a message to the device to take control, without the owner of the device having to do anything. So unlike previous bugs, which required the owner to do something like click a link or open a file, this one can infiltrate any device without any action from the owner. Hackers can steal your data and can even use the camera/microphone of the device.
The vulnerability is very dangerous and all the concerned parties are taking it very seriously. Google has already started working on a patch. According to Adrian Ludwig, lead engineer for Android security at Google, “This is the single largest software update the world has ever seen.” All Nexus devices are going to be patched. Vendors like Samsung, Sony, HTC, Motorola etc. are cooking up their own patches for the bug. Even carriers like AT&T are rolling out patches for certain devices.
Google has also released factory images containing the fix, which allow Nexus owners running alternative ROMs to install it, according to Android Police. Dong Jin Koh, Samsung’s head of mobile research and development, said in a statement:
“With the recent security issues, we have been rethinking the approach to getting security updates to our devices in a more timely manner. Since software is constantly exploited in new ways, developing a fast response process to deliver security patches to our devices is critical to keep them protected. We believe that this new process will vastly improve the security of our devices and will aim to provide the best mobile experience possible for our users.”
Google is working very hard on the security issue. Google announced Security Rewards for Android in June, a bug bounty scheme specifically for Android. The program gives smaller payouts for simple bug finds, but for major bugs the payout can be as high as $38,000.
Zimperium, the company that discovered the bug, has an app on the Google Play Store that tells you whether your device is affected or not. While patches are continually being released, it is still safer to check.
So what can YOU, as a user, do? For starters, you can check for updates for your device. All the manufacturers are working very hard on this bug and are already rolling out updates to their respective devices. Second, you can check for updates to the messaging app you are using. You should also disable the auto-retrieve MMS feature in your messaging app as a preventive measure.
This demo video shows how the Stagefright bug is exploited on Android devices:
We’ll be keeping you updated on further developments.
Zimperium published the findings on its blog.