Is your Android smartphone any safer than it was last month? You've probably heard about Stagefright, a huge Android security flaw
recently discovered by a researcher at Zimperium zLabs. In short,
hackers can gain control of your phone simply by sending a corrupted
image or video to your Android phone via MMS. The scariest part is that
you don't even have to open the text. I've already written about a way
to protect your device while waiting for a security patch: by disabling
the auto-retrieval of multimedia messages. If your carrier has already
pushed out the 5.1.1 Android update to your smartphone, you probably
think it's safe to turn this feature back on; and why wouldn't you?
Well, unfortunately, that update contains a flaw,
meaning that your up-to-date device may still be breached. This time,
it was researchers at the firm Exodus Intelligence who discovered the
flaw. Google has fixed the flawed patch, but that may not reach your
device for weeks.
So what is an Android user supposed to do? Luckily, Zimperium zLabs has built an app
that will scan your phone to determine if it's still vulnerable. I used
it myself, and that's how I figured out that my phone, the Samsung Galaxy S6,
remains vulnerable, even though it's up to date. Until then, I won't be
changing my MMS settings--nor will I be opening text messages from
unknown numbers. Download this app right away to confirm whether your
phone is vulnerable to the Stagefright threat.
Android Security Apps
Android's
universe is much more complicated than the iPhone's. Apple is able to
push out updates directly to its phones, due to its deals with wireless
carriers. And since Apple builds both the software and hardware, there
are no third-party manufacturers in the mix. Using an Android device
means you need to take measures to protect your device, at least until
Google, LG, Samsung and others can work with the carriers to speed up
updates. Just like you should protect your computer with security
software, you can also download security apps for your Android to stay one step ahead of hackers and malware.
Most
companies that provide desktop security software have added mobile apps
to their arsenal, including Avast! and Bitdefender. Carriers also offer
their own apps, including Sprint Protect and Verizon Support &
Protection. Lookout Security & Antivirus has teamed up with AT&T
and T-Mobile to provide a built-in security app. Rooting your phone
gives you access to even more robust security apps such as Titanium Backup.
How Google and Android Hardware Manufacturers Have Responded
As
I said, it's the wireless carriers that distribute Android system
updates, not Google or hardware manufacturers, which means that you may
have to wait as long for important security updates as for small bug
fixes. Google, LG, and Samsung have all pledged to put out monthly
security updates, a big step forward; however, the wireless carriers are
still the gatekeepers. The exception is if you have a Nexus device,
Google sends updates to the Nexus line directly.
The hope is that
this disaster will change the way the Android updates are distributed in
the future. With so many Android devices out in the world, consumers
can't wait around while Google and third-party manufacturers struggle to
get security patches through the wireless carriers. Something's got to
give.
source: about.com