Backtracking: Stagefright

In early October, Trey Ford, Global Security Strategist at Rapid7, shared several points of view regarding Stagefright, handset life expectancy and ‘carrier-introduced delay’. He stated:

“In June of last year, Google announced they have 1 Billion (with a capital B) active monthly users. This data point, combined with other sites reporting the domination of Android in the mobile market, makes the projected scope of impact at 1 billion realistic.

“The challenge that the mobile community faces is somewhat tied to the lack of portability between carriers (at least in the United States). When you buy a handset from the carrier, that discounted purchase is subsidized by the carrier contract. The carriers have a custom software build, with their own ‘out of box experience’ with special licensing agreements, software features and promotions. This process exacerbates an already complex supply chain. Carriers have inadvertently complicated the hardware supply chain with additional software on multiple hardware platforms, making their quality assurance testing process extremely complicated and slow.

“The advice I give friends and family is to buy handsets that allow for updates directly from the manufacturer. For those who love Android – buy directly from Google to remove the carrier-introduced delay when Android releases a security patch. For Google, this is an ecosystem problem. Google manages Android, and does a respectable job shipping patches. They deliver to the carriers, which in turn take some time (picture 9-18 months) before those patches are certified and delivered over the air to the devices. In other cases, they don’t bother, as the handset life expectancy is so brief for the consumer. Discerning consumers are paying attention; they want to keep their patches up to date!”

Thanks to: Rapid7
Image source: Pixabay.com

James Stevenson

I'm a Cyber Security enthusiast who loves all things to do with technology. I'm specifically interested in cyber security and ethical hacking.
