Stories
Slash Boxes
Comments

SoylentNews is people

Botched Google Stagefright Fix Won't be Resolved Until September

posted by CoolHand on Wednesday August 19 2015, @12:56AM   Printer-friendly
from the infected-droid-armies dept.

takyon writes:

El Reg details developments surrounding the increasing worrisome state of Android security:

According to security company Rapid7, Google needs to rethink how it patches Android in the wake of initial botched attempts to resolve the Stagefright vulnerability.

The criticism comes as Google itself confirmed users of its Nexus devices – who are the first to get security fixes – won't be fully protected until September.

The Stagefright vulnerability for Android phones creates a means to infect devices simply by sending a booby-trapped MMS message. An estimated 950 million devices that run Android versions 2.2 through 5.1 are at risk. Version 4.1 and later have defences that mitigate, without eliminating, the possibility of a successful attack.

The Stagefright vuln, discovered by Zimperium, ultimately stems from flaws in code handling multimedia files.

Google released a six-pack update to resolve the Stagefright vulnerability last week, but it quickly emerged that one of the components was incomplete, so that even patched devices were still at risk.

These shortcomings have put back the whole security remediation process by weeks.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Botched Google Stagefright Fix Won't be Resolved Until September | Log In/Create an Account | Top | 8 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by nyder on Wednesday August 19 2015, @02:49AM

    by nyder (4525) on Wednesday August 19 2015, @02:49AM (#224744)

    While this sucks for people and also shows what exactly google has become (slow big ass corporation that can't move fast anymore), it's a boon to various android devices that haven't been root yet. For example, the Amazon Fire TV has been hard to root for awhile, because there hasn't been any software flaws to be found. Now, thanks to stagefright, it can be root again (providing someone writes the software for it, peeps are working on it).

    This also shows the problem with Android OS. Every phone that doesn't get updates is vulnerable and no manufactures gives a fuck. After all, it's a chance to sell everyone new phones.

    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 1) by Francis on Wednesday August 19 2015, @03:03AM

    by Francis (5544) on Wednesday August 19 2015, @03:03AM (#224754)

    AT&T pushed the update without explaining what the update was for and managed to unroot my phone in the process. And then I found out a day or two later that the fix wasn't even effective, so they've manage to increase the risk of damaging my phone while still failing to fix the problem.

  • (Score: 2) by Nerdfest on Wednesday August 19 2015, @09:47AM

    by Nerdfest (80) on Wednesday August 19 2015, @09:47AM (#224899)

    A good policy is to avoid phones that can't be rooted without exploits. Sure, you can side-load, but they're almost as bad as iOS devices; you don't actually own them.