Sprint Updates Galaxy Note 4 To Android 5.1.1

Quinten Plummer, Tech Times 05 August 2015, 05:08 am

Sprint is updating its Galaxy Note 4 Android 5.1.1 and, in doing so, is sewing up a hole that leaves the handset open the Stagefright vulnerability.

The update to Android 5.1.1 Lollipop includes a fix for the message waiting indicator, several bug fixes and a security fix to address the vulnerabilities of the Android OS' media library process.

To check for the update, tap the Apps button at the Home screen and then tap on the Settings button. Tap on the System Update option and then tap Update now.

While the Galaxy Note 4 received a fix for its Stagefright vulnerabilities, there are still mountains of smartphones and tablets out there that are still susceptible to an attack through the back door and into their media libraries.

Stagefright is a media library process, a piece of service software tucked under Android's hood and out of the common area. The process is still vulnerable to several attacks, which can be leveraged to control a target's phone remotely, according to Zimperium Mobile Security.

"The targets for this kind of attack can be anyone from Prime ministers, govt. officials, company executives, security officers to IT managers," says Zimperium Mobile Security.

With just a target's phone number, hackers can gain access to a victim's smartphone remotely. There's no need to brute force a password or spearphish. "You will only see the notification," Zimperium Mobile Security says.

"These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep."

It isn't clear just how many vendors still have yet to address the Stagefright vulnerability -- and no vendor or manufacturer is going to empower hackers by announcing they have yet to address the potential exploits.

The Open Handset Alliance and Google's Android Security Team have already been working on addressing the vulnerability and have released patches several patches for those who want a fix now.