The Stagefright vulnerability targeting Android phones has prompted Google to step up security

Google and Samsung agree regular Android security fixes

Google and Samsung will release monthly security fixes for Android phones, following the unveiling of the Stagefright bug in the mobile operating system.

Previously, Google would develop a patch and distribute it to its own Nexus phones after the discovery of security flaws, but other manufacturers would wait until they wanted to update the software for different reasons before pushing out the fix.

With the operating system a growing target for hackers and following security researcher Joshua Drake's release of his so-called Stagefright hacking software that allows attackers to access sensitive content on Android phones by sending a special multimedia message (even if the message is unopened), the firms have decided to act.

"We've realized we need to move faster," Android security chief Adrian Ludwig said at this week's annual Black Hat security conference in Las Vegas.

According to Ludwig, improvements to recent versions of Android would limit an attack's effectiveness in more than nine out of 10 phones, but Drake said an attacker could keep trying until the gambit worked.

Drake has said he will release code for the attack by August 24, putting pressure on manufacturers to get their patches out before then. Nexus phones are being updated with protection this week and the vast majority of major Android handset makers are following suit, Ludwig said.

Samsung is the largest maker of Android phones, but vice president Rick Segal said it is not possible for his company to force telecommunications carriers that buy its devices in bulk to install the fixes for all users. "If it's your business customers, you'll push it," Segal said in an interview.

However, Ludwig was keen to point out that many Android security scares were overblown, adding that only about one in 200 Android phones that Google can peer into have any potentially harmful applications installed at any point.

Drake noted that those figures exclude some products, including Fire products from Amazon, which use Android.

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them