Stagefright Bug Fix has Flaws, New Android Security Updates Needed

By Richard Waelty
Android 5.0 on Galaxy S5
Android 5.0 Lollipop running on a Samsung Galaxy S5. Photo: SamMobile

Android security updates for the Stagefright Bug have not completely addressed vulnerabilities, according to recent reports by industry experts. This development comes just as Android users are starting to receive the six-part security patch that was rolled out by Google earlier this month.

Even so, researchers at Exodus Intelligence found security issues that remain even with the new fix. Their report revealed a serious flaw in four lines of code. Hence, users may have been lured into a false sense of security. The same report indicates that as many as 950 million users are vulnerable to this exploit.

"If Google cannot demonstrate the ability to successfully remedy a disclosed vulnerability affecting their own customers then what hope do the rest of us have," Exodus asked.

The security company pointed out that Google was quietly notified of the flaw in July. According to their blog, Exodus announced the flaw publically after failing to receive a response within Google's 90-day disclose deadline.

Android Watchers Predict Delays with Next Stagefright Bug Fix

Many Android observers expressed concern that Google is not quick enough to address the security exploit that was discovered recently. Last week, Rapid7 security manager Tod Beardsley highlighted the severity of this issue in an interview with the UK's Register.

"Even Nexus devices, which Google has the most direct control over, will have to wait until a September release for an update to the insufficient Stagefright patch," he revealed. "This lag time between having a fix in hand and distributing it to the user base is simply too slow to be reasonably safe."

Beardsley continued by insisting that Google could have responded better to the recent report from Exodus Intelligence.

"Many companies struggle with first contact with researchers reporting vulnerabilities, but this is not Google's first rodeo," Beardsley explained.

Meanwhile, Google insists that Android users are still protected by the Address Space Layout Randomization (ASLR) security feature. The Mountain View-based tech giant told the BBC that 90 percent of Android devices are ASLR enabled.

ASLR apparently complicates the process by which a device is hacked. In theory, the hacker may decide to go after easier prey should the technology be encountered. However, this is not an absolute guarantee.

Stagefright refers to a mechanism that allows Android to process video files being sent via MMS text messaging. Hypothetically, this function opens the way for hacking attacks without the user's knowledge. First introduced with Android 2.2, the Stagefright feature is present in millions of Android mobile devices worldwide. 

  • [Exclusive Interview] A revelation within the brink of life and death — Meg Leung’s mission in Christian art

    Meg Leung (梁麗橋), an artist with a lifelong love for watercolor painting, sees her art as more than a means of expressing her inner world; it is a bridge connecting her to God. Her artistic journey has revealed God’s perfect plan and inspired her to communicate the power of faith through her wor

  • Transgenderism a fundamental human right? Hong Kong public disagrees, survey finds

    A 2024 survey from the Society for Truth and Light (明光社)'s Center for Life and Ethics Research reveals that respondents from various backgrounds prioritize personal safety and fairness when it comes to transgender issues. When laws involve moral judgments, most respondents believe courts should not make the decisions. The study also indicates that religious believers share similar views with non-religious respondents, reflecting that many churches may rarely address gender topics in depth.

  • Discipleship and Evangelism: Walking the Path of the Great Commission

    Like an ever-flowing spring, the gospel refreshes dry, parched lands and needs our unwavering passion and steadfast faith to transform lives and bring renewal. The "flame in our hearts" calls Christians to keep their faith and love for the Lord ablaze, representing the work and power of the Holy Spirit, driving us to proclaim God's glory boldly.

  • North America Chinese Evangelical Seminary year-end report highlights significant ministry progress

    As the year draws to a close, Rev. James Liu, President of the Chinese Evangelical Seminary North America (CESNA), reflected on the seminary’s remarkable growth and ministry development over the past year. Dedicated to providing theological education to Chinese Christians, CESNA continues to uphold its mission to remain faithful to the gospel and nurture believers. This year’s achievements span academic, ministerial, and outreach endeavors, fostering spiritual growth and advancing missionary wo