Researchers have found a major security flaw in Android devices. It’s a bit of an interesting case because no one seems to know much about it. Typically, in a case like this, a researcher finds the flaw, gives the company a predetermined amount of time to fix it, and if it’s not fixed, he informs the public everything there is to know about it so they can take the proper precautions.
I’ve seen multiple sources about this. Some have said that it only affects pre-Jelly Bean devices while some are saying that the flaw affects Android 2.2 all the way to Android 5.1. Interestingly enough, nothing has been said about Android 5.1.1 or the Android M Developer Preview.
Basically, a hacker can send a media file to your Android phone and gain access to your device. In fact, you don’t even have to open it. It can happen while you’re sleeping. Otherwise, it would be the email solution, which is to not open messages from people you don’t know.
The fault is in a media library called Stagefright, a name which screams out security vulnerability. Apparently, there are multiple vulnerabilities in the framework.
Obviously, we don’t know exactly how to replicate the vulnerability. If you’ll recall, Apple had a messaging vulnerability not too long ago that would allow you to crash someone’s iPhone with just a text string, and everyone knew that text string. Skype had the same problem and patched it in 24 hours while Apple took over a month, just so they could sit on their next update while they wait for Apple Music launch day.
Why we don’t know exactly how to do it like we did in Apple’s case, you can be sure that any novice hacker can figure it out.
Nevertheless, maybe turn off MMS on your Android phone for now. Google has sent out a patch to all of the OEMs; however, that doesn’t mean your safe. Has your phone been updated recently?
We all know how Android updates work. Google sends them to the OEM, the OEM sends them to the carrier, and the carrier sends it to you. It’s a lengthy process.
This is assuming that your Android phone is still supported. Most major OEMs have a policy to support a device for two years from the date of release and release the newest update within 90 days. Sure, security updates will most likely get out quicker, but it’s a lottery.
Source: Venture Beat