Why the Future of Android Depends on Security

Why the Future of Android Depends on Security:

If you own an Android device, you have noticed an increase in the frequency of software updates over the past year.  With the discovery of stagefrightlib, Android phones were at high risk where a single text could affect millions of phones at one time and per Forbes been identified “as the worst Android flaws ever uncovered.”

This vulnerability was as simple as sending an infected video file (MP4) to an unsuspecting user with an enticing label to get the user to execute the file.  Zimperium is the company that found the Stagefright bug, and apparently is hasn’t stopped there.

Recently Stagefright 2 has now been identified and Google has vowed to address these major issues by rolling out a monthly update system and within the past week have started rolling out three Nexus patches for its own units. Unfortunately, it has been reported that many Nexus users haven’t received the update yet and this has also been the case for Android phones for Stagefright 2 vulnerability.

Identified as one of the worst Android flaws ever uncovered

Our Analysis

Google’s monthly patch roll-out plan seems to not be as transparent to users as it should be.  Getting the patches is the easy part as they load over-the-air to most devices, however the patches are very clear in WHAT they fix.  We believe that Google is taking a step in the right direction, but more must be done.  If you own an Android device we recommend the following actions:

  • Ensure your phone is fully patched and up-to-date.  (you may have to bounce this question off your carrier or compare your phone operating system to the latest version)
  • Disable automatic attachment text message downloading under the options menu
  • If you do download a media text message, ensure you trust the sender
  • If you’re still using an older set such as the Galaxy S4, these phones were the most vulnerable and special care should be taken with patching them
  • Download Stagefright detector app from the Google Play store

Other Relevant Blog posts:

Android Lock Screen Vulnerability


Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

Be sure to subscribe to this blog and to our Podcast.

If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.

References

Forbes
Sophos Naked Security
The Guardian
Digital Spy
Google Play Store
Zimperium

Enter your email address:


Delivered by FeedBurner


Subscribe to our mailing list

* indicates required







About Matthew Eliason

Matthew Eliason was born in Houston, Texas.  Upon graduating from high school, he joined the Navy.  His first tour was as an Information Systems Technician of a 130 client DOD network where he developed the documentation and maintenance procedures from 2007-2012.  In 2012, he transferred shore duty where he serves as a system and security administrator. He graduates with a Bachelor’s of Science in Information Technology from American Military University in November of 2015. He holds the CompTIA Security+ certification and has extensive experience in DOD Information Assurance (IA) and Cyber Security compliance and procedures.  He enjoys golf, hiking, watching football in his spare time.