Security experts: Stagefright security patch can be bypassed

 

A software patch designed to fix a security vulnerability in Google’s Android operating system can be bypassed, leaving devices running older versions of the mobile platform susceptible to the bug once again and making it easy for hackers to gain access to apps and personal data.

According to BBC News, the flaw only requires cyberattackers to send a specific text message to hijack a smartphone. Google released a patch that fixed the issue, but the security experts at Exodus Intelligence explained to the British media outlet that the supposed fix itself is flawed and could cause owners of Android devices to have a “false sense of security.”

Exodus representatives said that they were able to bypass the update, and that the general public is under the impression that “the current patch protects them when it in fact does not.” They added that the patch was only “four lines of code” that was presumably “reviewed by Google engineers prior to shipping,” but that it did not solve the core problem.

Patch issue part of a ‘bigger challenge’ for Android

The bug, known as Stagefright, was discovered in April and only requires a would-be hacker to send a video message to access data and apps on a potential victim’s device. Details of the flaw became public in July, after a patch released by Google was integrated into the latest version of the mobile OS, according to BBC News reports.

At the time, Google said that there had been no reported incidents in which the vulnerability had been exploited, and the Android developer told the BBC that the majority of users were protected by a security feature called address space layout randomisation (ASLR). ASLR, they said, makes it harder for an attacker to launch attacks capable of compromising a smartphone.

The fact that there are millions of Android devices that still run older versions of the software, and that the flaw itself is not 100 percent fixed, suggests that Stagefright “is the early warning alert to a much bigger challenge,” security expert David Baker told BBC News. Since so many device makers modify Android, he said, “There isn’t a comprehensive update solution.”

The UK news outlet said that only 2.6 percent of Android phones run the latest version of the software, while rival Apple claims that 85 percent of its users have the current edition of the iOS mobile operating system. Baker said that since Apple has control over both hardware and software, it can patch flaws more quickly than is possible on Google’s open-source OS.
