For the past week we’ve been hearing about and reading countless overblown stories and articles claiming that more than 950 million Android devices could get infected with malware because of the “Stagefright vulnerability”. Some have even called it the “worst Android vulnerability in the mobile OS history!” In reality it isn’t nearly as severe as many make it out to be, it’s already being fixed, and here’s a few things Android users need to know.
While this is a serious issue, yes, it isn’t nearly as dangerous as any of those click-bait articles make it out to be. The exploit was announced on July 21st by a mobile security firm named Zimperium ahead of its annual party at the BlackHat Hacking conference. What you don’t know, is that out of the “950 million potential victims” this exploit hasn’t been used once. Not a single user has dealt with malware or a virus because of this.
Before we get into more details about “Stagefright” and what it could do, and how, don’t worry because it’s already being fixed. As of this morning updates are going out to Nexus devices, not to mention Sprint and AT&T have pushed updates out to multiple smartphones with patches or fixes, and more are coming soon. Read on for all the details.
This huge problem and malware that could wreck havoc on every android smartphone and tablet on the planet, is completely overblown. It is a serious issue, but at the same time something that almost no one needs to worry about. Here’s more details.
What Is It?
So what is Stagefright? Without getting too technical or geeky on the subject, it’s a vulnerability in the Android OS (Google’s media playback engine) that could technically deliver malware or a virus to smartphones and tablets through a text message, video, MMS or other media files.
A user gets a text message and your text app instantly downloads the photo or GIF, or a video sent through Hangouts, WhatsApp, Gmail and so on. Since most apps automatically open and download these, the malware could instantly attack your device before the user does anything. This could effect all Android devices dating back to Android 2.2 from years and years ago, but not a single hacker or “bad guy” has used this exploit. It is potentially a big problem, but one that has never actually caused any harm, but could.
This is something that has been a problem for the past five years, but has never actually been used for malware or malicious activities. So in short, don’t worry about it.
Google and its partnering carriers and manufacturers release updates all the time, and all of those typically have some sort of security updates or patches, along with major updates. Like going from Android 5.0 Lollipop to Android 5.1 Lollipop. It changed a lot visually and added new features, but also fixed some security issues behind the scenes.
Google has known about Stagefright since as far back as May, and already has a fix in the works, as do all major Android manufacturers. Basically, this huge problem that hasn’t caused any harm yet, has already been fixed, and now we just need to wait for updates to arrive from all carriers and manufacturers. A quick and painless over the air update will patch the problem, and all Android owners can go back to using their device without worry.
Today Google announced some big news. Starting today, Wednesday August 5th, an update will begin rolling out to the Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, and Nexus Player. All of these will receive an update fixing multiple things, including the famed Stagefright issue.
Furthermore, Google also revealed that moving forward all devices in the Nexus program will receive updates once a a month aimed at addressing any potential, and future security concerns. What this means is Google is taking security even more serious than they already do, and will push monthly over-the-air updates out to all devices to keep them safe. These will then trickle down to LG, Samsung, HTC, Motorola, and everyone else, to keep any and all Android devices safe.
Samsung Stagefright Updates
Samsung appears to be the first manufacturer on board here, working as fast as Google to deliver an update to fix this “problem” and we can expect all major Android manufacturers to push out updates over the course of the next week or two.
This morning we learned that Sprint and AT&T both started pushing out over-the-air software updates to an array of smartphones to patch the Stagefright vulnerability. AT&T has begun sending updates to the Galaxy S6, Galaxy S6 Active, Galaxy S5, Galaxy S6 Active, and the Samsung Galaxy Note 4.
At the same time Sprint announced updates to the Galaxy Note Edge, Galaxy S5, Galaxy S6, and Galaxy S6 Edge, with more updates coming soon. We can expect more manufacturers to push out updates any moment now, as well as announcements from Verizon, T-Mobile and others.
Users are being urged to head into Settings > About Phone > and Check for updates to download and install the latest software upgrade that is aimed almost exlusively at the Stagefright issue.
Even small manufacturers like Alcatel are doing it too. The company confirmed to GottaBeMobile this afternoon it’s flagshi new Alcatel OneTouch IDOL 3 is getting the Stagefright update starting August 10th.
More Coming Soon
As we said above, this problem has already been fixed by Google and is making its way to all Android smartphones and tablets as we speak. We’ve already seen Google push out updates, Samsung is delivering a wave of software patches to stop the problem, and we’re expecting to hear from almost every other major OEM and carrier in the coming hours, or days.
If you don’t get an update right away, don’t worry. If this hasn’t caused harm in the more than five years it has been around, a few more days aren’t going to hurt anyone.
Before the end of the day we’re expecting more Stagefright updates to be pushed out from others, and we’ll update with all the details as they arrive. All said and done, Stagefright could have been a big problem, but isn’t. Accept the update once it arrives, and continue on with your day.