In July, a vulnerability that affected anywhere up to a billion Android phones was made public by software researchers. Google quickly made a patch available, but a security company said that it had been able to bypass the fix. This bug is called the Stagefright bug. The security company that found this update stated how this gives people a false sense of security.
Currently, 90 Percent Of Android Devices Are ASLR Enabled
Google told BBC in an interview that most of the Android users were protected by a security feature called the Address Space Layout Randomization, or the ASLR. At this time, over 90 percent of Android devices have the ASLR enabled. Enabling this is supposed to protect users from these issues.
ASLR is designed to make it harder for an attacker to plan an attack, and introduces more work into the process. This is more than likely to crash a smartphone in comparison to compromising its security.
Another Company Found That The Bug Was Still There And Offered Their Own Patch
However, this vulnerability still remains. In April, another security company found a bug in Android that could potentially let hackers access information and apps on a victim’s phone, just by simply sending a video message.
The company quickly disclosed this information to Google and provided their own patch for the software, which Google made available to phone manufacturers. Details surrounding this new flaw were made public in July, after Google had integrated the patch into the latest version of Android.
Currently, Google pointed out that there haven’t been any reports of anybody exploiting the bug. This week, the first security company said that one of their researchers was able to bypass the patch easily and that the original venerability still remains. On their blog, they said that the public believes that the current patch in place protects them from this vulnerability, when in fact it does not.
New Bug Could Be The Beginning Of A Bigger Problem
Another researcher from a different security company described the Stagefright bug as an early warning sign to a much bigger problem that could quickly arise. There isn’t currently a comprehensive update solution to the Android bug, since there are so many different device makers that modify the software. Android is an open source operating system that can be modified by a number of different phone companies.