Click to Skip Ad
Closing in...
  1. AirPods Pro Prime Day Deal
    11:46 Deals

    AirPods Pro are back in stock at Amazon after selling out – and they’re $52 off

  2. Early Prime Day Deals
    08:06 Deals

    10 incredible early Prime Day deals that are about to end at Amazon

  3. Prime Day Laptop Deals
    15:18 Deals

    Prime Day 2021: Best laptop deals

  4. Amazon Deals
    07:56 Deals

    10 deals you don’t want to miss on Saturday: Early Prime Day blowout, $50 off AirPods Max, $20 Blink Mini cam, more

  5. Prime Day Headphones Deals
    13:00 Deals

    Amazon Prime Day 2021: Best headphones deals

The worst Android vulnerability the world has ever seen isn’t fixed, no matter what Google tells you

August 14th, 2015 at 12:41 PM
Google Stagefright Android Vulnerability Update

A few days ago, a security researcher revealed that up to 950 million Android devices are susceptible to a hack that takes advantage of one of the platform’s messaging features. Since then, Google and various OEMs confirmed they’re releasing, or will release, fixes for Stagefright – which is what the security issue has been named.

Google recently claimed to have patched the bug, but it appears that Google’s fix can be bypassed so the Stagefright bug can still be used by hackers.

DON’T MISS: 6 free tools that stop Windows 10 from spying on everything you do

According to the BBC, security company Exodus Intelligence says the update that Google released could give people a “false sense of security.” The company has been able to bypass the patch easily, and the vulnerability is still present.

“The public at large believes the current patch protects them when it in fact does not,” Exodus wrote on its blog.

Meanwhile, Google says that its fix applies to more than Nexus devices and that 90% of devices should be safe from Stagefright. Google told the BBC that Android users are protected by a security feature called “address space layout randomization (ASLR),” which should make the hacker’s job a lot harder.

“The patch is 4 lines of code and was (presumably) reviewed by Google engineers prior to shipping,” Exodus Intelligence added.
“If Google cannot demonstrate the ability to successfully remedy a disclosed vulnerability affecting their own customers then what hope do the rest of us have?”

The security company further noted that Google knew about the flaw for more than 120 days without fixing it. It looks like it’s indeed as difficult as expected for Google to patch this major security flaw, and it’ll take more than a quick update to get the job done.

Chris Smith started writing about gadgets as a hobby, and before he knew it he was sharing his views on tech stuff with readers around the world. Whenever he's not writing about gadgets he miserably fails to stay away from them, although he desperately tries. But that's not necessarily a bad thing.

Popular News