The bug recently revealed as ‘Stagefright’ has affected over 1 billion Android users so far and it’s believed that everyone with an Android device is at risk. This is a severe bug, one that has forced LG, Samsung and Google – the three manufacturers of the digital devices affected the most seriously – to issue their users with monthly security updates and fix patching to rectify the situation.
The bug can provide the attackers with total control of affected devices remotely via a malicious media file in an MMS. Stagefright not only causes new problems for Android users but has also exposed them to old bugs and many have now found that they’re unable to update their devices to newer, more secure versions of Android.
Google is seen as having taken the greatest steps to rectify the situation, with its next security update for its Nexus devices – both phones and tablets – containing fixes for another two recently uncovered security flaws in its Android coding that have been given the name of ‘Stagefright 2.0’. The name was given to the bug due to their location in Android’s media playback engine called Stagefright.
Stagefright was first reported to Google in April by Joshua Drake, a researcher at Zimperium, a digital security firm. Speaking to Fairfax Media last month, Drake said that the latest two Stagefright bugs will not be the last and that his security company and others were expecting more bugs – which will be even more severe – to follow.
Google has already shifted to a monthly update cycle in response to Stagefright, with LG and Samsung expected to follow suit. While Google is seen as responding well to the crisis, many believe the other two Android vendors are lagging behind and need to take bold measures to prevent attackers exploiting more Android design flaws.