Previous Story
Google, Samsung take Android security seriously; promise bug fixes every month
The problem could potentially allow hackers to take over an Android phone – in some cases just by sending the target a text message, they said.
The StageFright security issue has caused Google to improve its updating procedures for the Nexus line of Android devices.
Google’s Android blog has the low-down on the new update policy for its Nexus products. However, the Korean company’s global reach and availability on myriad networks means it is having to speak with local carriers about implementing the updates, meaning they could take some time.
The first update comes in wake of the vulnerability discovered in the Android StageFright media playback engine that could put users of millions of devices at risk. “Android was built from day one with security in mind”, according to an August 5 Google blog post.
For three years, Google has given Android manufacturers regular updates about flaws that need to be fixed.
Adrian Ludwig, lead engineer for Android security, spoke at the BlackHat security conference recently and said 90% of Android devices have a technology called ASLR enabled, which protects users from the issue. More than 90 percent of Android phones have a security measure known as address space layout randomization, which is designed to significantly lessen the damage attackers can do when exploiting vulnerabilities. As the fixes will be available open source, it makes sense that other manufacturers like HTC, Sony and LG will follow suit.
Meanwhile, Samsung has also announced its new aggressive Android security update process that will track faster security patches over the air when security vulnerabilities are uncovered. Sprint, AT&T and German carrier Telekom, for example, have started rolling out security updates to certain handsets.
Users can update the patches either manually, or with the OTA option by going to the settings tab, select “About the Phone” option, and select “Software Update “option”.
A Samsung VP commented that “developing a fast response process to deliver security patches to our devices is critical to keep them protected”. For starters, you will have to disable the automatic retrieval of MMSs on your device, which most messaging apps support.
