News Digest

Samsung and Google to issue ’ biggest updates ever’ for Android flaw

Google and Samsung will release monthly security fixes for Android phones, a growing target for hackers, after the disclosure of a bug designed to attack the world’s most popular mobile operating system. The change came after security researcher Joshua Drake unveiled what he called Stagefright, hacking software that allows attackers to send a special multimedia message to an Android phone and access sensitive content even if the message is unopened. Previously, Google would develop a patch and distribute it to its own Nexus phones after the discovery of security flaws. But other manufacturers would wait until they wanted to update the software for different reasons before pushing out a fix, exposing most of the more than 1 billion Android users to potential hacks and scams until the fix.

We’ve realised we need to move faster.

Android security chief Adrian Ludwig

Android’s security chief Adrian Ludwig said improvements to recent versions of Android would limit an attack’s effectiveness in more than nine out of 10 phones, but Drake said an attacker could keep trying until the gambit worked. Drake said he would release code for the attack by August 24, putting pressure on manufacturers to get their patches out before then. Nexus phones are being updated with protection this week and the vast majority of major Android handset makers are following suit, Ludwig said. As with Apple’s iPhones, the biggest security risk comes with apps that are not downloaded from the official online stores of the two companies.