Daily Management Review

Monthly Security Fixes Issued by Google and Samsung after Unveiling of Latest Android Bug


08/07/2015




Monthly Security Fixes Issued by Google and Samsung after Unveiling of Latest Android Bug
After the unveiling of hacking software ‘Stagefright’, Google Inc and Samsung Electronics Co announced the release of monthly security fixes for Android phones.

The world's most popular mobile operating system is the target of the newly designed hacking software.  
Stagefrieght was unveiled by security researcher Joshua Drake. A special multimedia message can be sent to an Android phone by the hackers using the bug. The bug has the potential then to access sensitive content even if the message is unopened.

“We've realized we need to move faster," Android security chief Adrian Ludwig said at this week's annual Black Hat security conference in Las Vegas.

Earlier, Google only dispatched patches developed to fight hackers to the phones within its Nexus only, after security flaws were discovered.

However the manufacturers were reluctant and did not immediately update the software for different reasons, waiting until they would push out a fix. This would expose more than 1 billion users of android based mobile phones at the mercy of potential hackers and scams until the fix arrived.  

There are other security changes that Google has made.

“Earlier this year the team broke out incidence rates of malicious software by language. The rate of Russian-language Androids with potentially harmful programs had spiked suddenly to about 9 percent in late 2014,” Ludwig had said in an interview to Reuters.  

Google was able to reduce the problems to close to the global norm by including roughly weekly security scans of Russian phones more frequent.

The new security systems in the more recent versions of Android had the potential to limit an attack's effectiveness in more than nine out of 10 phones, said Ludwig.

However Drake is of the view that an attacker could keep trying until the gambit worked. To put pressure on the attackers, Drake announced that the code for the attack would be released by Aug. 24. The manufacturers need to put out the security patch before the date.

Ludwig informed that while the Nexus phones are being updated with protection this week, the other Android handsets would be upgraded with the requisite security systems soon enough.

Samsung expressed fears that they would not be able to force the telecommunications carriers that buy its devices in bulk to install the fixes. Some high end users might get the patch, said Samsung Vice President Rick Segal.

"If it's your business customers, you'll push it," Segal said in an interview. Samsung is the largest maker of Android phones.

“Many Android security scares were overblown,” Ludwig said. He added that only about one in 200 Android phones Google can peer into have any potentially harmful applications installed at any point.
Drake however said that the figures put up by Google had excluded some products that include Fire products from Amazon which use Android.

Malicious bugs can get into phones when apps are not downloaded from the official online stores of Apple and Android. Experts have warned against legitimate-seeming Android and iPhone apps from imposter websites.

(Source: www.reuters.com)