This news can cause a bit more flutter in your stomach than the butterflies did when you went on stage the first time. Stagefright, Android’s media playback engine, is on the hacker’s radar due to the bugs in the platform that make it vulnerable to threats. Joshua Drake, a researcher from Zimperium zLabs, a mobile security firm, discovered these bugs recently.
Technical experts consider Stagefright to be the worst Android vulnerability that could affect the performance of nearly a billion Android devices that are currently in use worldwide – except for the ones that use Android 2.1 and below. That is, most Android devices are susceptible to serious security threats and information loss due to the Stagefright bugs.
How does it work?
Stagefright is an engine that enables audio and video playback to support the multimedia messaging service (MMS) feature on Android devices. You don’t even have to open the MMS message. Just receiving it can infect your phone and compromise the data. MMS is the most common ways by which intrusion is said to occur. All Android consoles are vulnerable to this attack.
How can you stop it?
You can disable the incoming MMS on the Android devices. However, it might be laborious at an enterprise level to individually disable the service on each of device. To defend all the devices concurrently, activate Restrict Incoming MMS under Profile Restrictions on the ManageEngine Mobile Device Manager Plus server for all enterprise and employee-owned Samsung SAFE and KNOX devices. This will make those Samsung devices less susceptible to hacking even as you wait for the security patches from the device vendor.
Recent improvements:
Google has recently announced that it would be launching the security updates that contain fixes for the Stagefright bug.
The first set of updates will be rolled out for the Nexus devices (Nexus 4, 5, 6, 7, 9, 10 and Nexus Player).
Meanwhile, Samsung has also followed suit in scheduling timely security fixes for the same issue for the Galaxy range of mobile devices that are commonly used in enterprises.
You can get the detailed story from here:
Google Nexus: http://officialandroid.blogspot.in/2015/08/an-update-to-nexus-devices.html
Samsung: http://global.samsungtomorrow.com/samsung-announces-an-android-security-update-process-to-ensure-timely-protection-from-security-vulnerabilities/