Click to Skip Ad
Closing in...

The worst Android vulnerability the world has ever seen isn’t fixed, no matter what Google tells you

Published Aug 14th, 2015 12:41PM EDT
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

A few days ago, a security researcher revealed that up to 950 million Android devices are susceptible to a hack that takes advantage of one of the platform’s messaging features. Since then, Google and various OEMs confirmed they’re releasing, or will release, fixes for Stagefright – which is what the security issue has been named.

Google recently claimed to have patched the bug, but it appears that Google’s fix can be bypassed so the Stagefright bug can still be used by hackers.

DON’T MISS: 6 free tools that stop Windows 10 from spying on everything you do

According to the BBC, security company Exodus Intelligence says the update that Google released could give people a “false sense of security.” The company has been able to bypass the patch easily, and the vulnerability is still present.

“The public at large believes the current patch protects them when it in fact does not,” Exodus wrote on its blog.

Meanwhile, Google says that its fix applies to more than Nexus devices and that 90% of devices should be safe from Stagefright. Google told the BBC that Android users are protected by a security feature called “address space layout randomization (ASLR),” which should make the hacker’s job a lot harder.

“The patch is 4 lines of code and was (presumably) reviewed by Google engineers prior to shipping,” Exodus Intelligence added.
“If Google cannot demonstrate the ability to successfully remedy a disclosed vulnerability affecting their own customers then what hope do the rest of us have?”

The security company further noted that Google knew about the flaw for more than 120 days without fixing it. It looks like it’s indeed as difficult as expected for Google to patch this major security flaw, and it’ll take more than a quick update to get the job done.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2007. When he’s not writing about the most recent tech news for BGR, he closely follows the events in Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming new movies and TV shows, or training to run his next marathon.