A bit of a chill has recently gone down the spine of a majority of Android users. This is due to a potential exploit that was brought to the public’s attention by the security company, Zimperium. Said company said that they had discovered a “unicorn” exploit in Android that they dubbed “Stagefright,” which could supposedly affect almost a billion Android devices. Thankfully, Google and some big Android smartphone manufacturers were able to address this issue in a very timely manner.
Before talking about what steps these companies took to prevent this Stagefright exploit from affecting any devices, let’s take a moment to quickly go over what exactly this exploit is and how it works. Stagefright is an exploit in Android that affects all Android devices running Android 2.2 Froyo and up, which is definitely a substantial amount of devices, hundreds of millions actually. The exploit works via a malicious video sent through MMS to an Android device, which will more than likely then auto-retrieve the video and process the video file. This allows the malicious video file to cause harm to the Android device through the libStageFright mechanism.
This whole Stagefright exploit situation sounds pretty bad, doesn’t it, you should probably be pretty worried, right? Well, first off, there is absolutely no evidence that this exploit has been used in the wild before, meaning that it has likely never actually been used by hackers. On top of that, Google, as well as some of the top Android manufacturers have already announced that their devices will be receiving monthly security updates from here on out to prevent exploits such as StageFright from becoming an issue. Google even took it a step further with the creation of a Google Group specifically for Google to provide information on the latest most glaring security issues. The first post is obviously all about the Stagefright exploit.
Google doing this could likely be due to security issues such as Stagefright being blown out of proportion by a lot of media outlets. It always tends to happen when these types of issues are revealed to the public and that’s not a good thing. The public, especially the part of the public that does not live and breath tech, needs to know the truth about these security updates, but the real truth and not the exaggerated truth. Google creating this Google Group to have their security experts discuss security issues is definitely a step in the right direction and more moves like it need to be made in the security space.