+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Here's how Google is trying to fix the bug that can crash 95% of all Android phones and tablets with a single text message

Aug 5, 2015, 22:30 IST

Flickr/etnyk

Last week researchers discovered a bug that is said to leave 95% of Android phones and tablets vulnerable to attack. Now, Google has come forward to address the issue and detail how it plans to patch the vulnerability.

Advertisement

The bug, which has been called Stagefright and was discovered by Zimperium zLabs' Joshua J. Drake, lives in the media libraries Android uses to read common file formats such as PDFs.

Drake says a hacker can use this bug to install malware on a victim's computer without any interaction from the victim - which is unusual for a virus. In most cases, a user would have to open a specific file carrying the malware to start the attack. But with Stagefright, a hacker would just have to send a malicious media file such as a photo or a video to a victim via text message.

During a presentation at cybersecurity conference BlackHat, Google's lead Android security engineer Adrian Ludwig gave a presentation that outlined how Google currently protects Android devices and the new updates it plans to push out.

The company is pushing out new security fixes for Nexus devices on Wednesday. These fixes, which Google hasn't detailed publicly yet, have already been pushed out to Google's Android partners which means they should also be coming to non-Nexus Android devices soon.

Advertisement

Google says the most popular Android phones will get the update in August, which includes the Samsung Galaxy S6 and S6 Edge, the Galaxy S5, the Galaxy Note 4 and Note Edge, the HTC One M7, One M8, and One M9, the LG G2, G3, and G4, Sony Xperia Z2, Xperia Z3, Xperia Z4, and Xperia Z3 Compact as well as all Android One devices.

Nexus devices will now get regular security updates every month, too.

Google is also updating the default Android messenger app so that users will have to actually click on a video to view it, which could prevent viruses such as Stagefright from spreading quickly. Currently, the Messenger app displays a thumbnail of the video when a user receives a video via text message.

Ludwig added that despite Drake's claims, 90% of Android devices come with a technology called ASLR installed, which Google says protects them from vulnerabilities such as Stagefright. ASLR stands for address space layout randomization, which is intended to make it more difficult for hackers to exploit the memory in your phone. It's been part of Android since the 4.0 Ice Cream Sandwich release in 2012.

Advertisement

The Stagefright attack allows hackers to gain control over various parts of your phone, such as its camera and microphone, Drake said in a previous interview with Business Insider UK's Alastair Stevenson. The attack could be executed without the victim's knowledge.

"The scariest part is that a Stagefright attack does not require any action by the victim meaning the flaw can be exploited remotely while a device owner is asleep," Drake said.

NOW WATCH: There is a secret US government airline that flies out of commercial airports

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article