Science and Tech


Stagefright Bug Triggered Unprecedented New Android Security

Carriers and phone manufacturers are stepping up their security updates like never before, now that the Stagefright bug is in the wild.
Posted at 12:06 PM, Aug 06, 2015

Android manufacturers and wireless carriers are doing damage control with the first fixes for the Stagefright bug.

Stagefright allows the execution of potentially malicious code through a multimedia message, such as images or video sent via SMS. (Video via ZIMPERIUM)

Now, Google has announced its own Nexus devices will get automatic security updates each month in addition to regular platform patching to fix Stagefright and whatever comes next. (Video via Google)

HTC, LG and Sony phones will also receive updates, as will Samsung, which has been making Android phones since 2009. The company just announced its first regular update plan. (Video via Samsung)

It straight-up admits Stagefright was the catalyst and acknowledges the "importance of time sensitivity in addressing major vulnerabilities."

In other words, Stagefright was scary enough — and hyped in public consciousness enough — to trigger something of a sea change.

Android Security Head Adrian Ludwig told The Verge"The OEMs are now really understanding and the ecosystem is really understanding how to react more quickly, because we all see that it's necessary."

Researchers say anything running 2.2 or later is vulnerable, which is just about every Android device according to recent polls. Pre-Jelly Bean phones — on Android 2.2 to version 4.0.4 — are at special risk thanks to "inadequate exploit mitigations."

And despite new patch efforts from OEMs and carriers, there are a lot of different handsets to protect.

OpenSignal keeps charts of just how many distinct devices and Android OS versions it encounters. It's not clear if Stagefright countermeasures will make it through the whole ecosystem.

The next steps are largely up to carriers. SprintAT&T and German carrier Telekom, for example, have started rolling out security updates to certain handsets.