Android Security Patches Not Enough to Stop Stagefright Exploit

Android

According to a security firm, the patches released by various major tech firms against the Stagefright exploit may not be as effective as the public had hoped for.

The researchers said that there are still ways to get around these patches and hack into devices, 9to5Google reported.

During the recent weeks, Samsung, Google and LG have started rolling out firmware updates for their Android users. The company said that new updates will be released every month to ensure that users are protected from the Stagefright hack.

Other companies also released their own patches for their devices. OnePlus, for example, recently launched the OxygenOS 1.0.2 update for its OnePlus One device, according to NDTV. Since the company also uses Android-based software, it included a security patch with the latest version of the OxygenOS.

Aside from manufacturers, network carriers such as Sprint and Verizon are also helping in the widespread release of security patches for Android users.

Despite the precautions taken by various tech firms, security company Exodus Intelligence believes that these may not be enough to keep devices from being hacked using the Stagefright exploit.

As explained by various sources, the hack works by taking advantage of a flaw in Android's media player tool dubbed as Stagefright. Through a simple text message containing a malware-infected media file, the hacker can immediately access Android devices and steal vital data and other information.

According to Jordan Gruskovnjak, a researcher from Exodus Intelligence, hackers can still find a way to get around the newly released security patches. He was able to bypass the patch through an MP4 file.

The security firm explained that the flaw of the security patches is located in its coding.

"Exodus Intelligence security researcher Jordan Gruskovnjak noticed that there seemed to be a severe problem with the proposed patch," the firm wrote in a blog post. "As the code was not yet shipped to Android devices, we had no ability to verify this authoritatively."

The researchers noted that they have already notified Google regarding the problem with their patches. Hopefully, a new batch of patches with the proper codes will be released within the next few weeks.

The vulnerability of Android users to the Stagefright exploit was first discovered in April of this year. The issue was then disclosed to the public and was labeled as one of the worst vulnerabilities of a platform. According to security experts, through a simple MMS message, hackers can easily access the devices of over 950 million Android users.