T-Mobile has started to push out updates for a trio of Samsung devices which includes a fix for the Stagefright exploit that can be found in Android-powered smartphones.
The Samsung devices that T-Mobile has released the update for are the Galaxy Note Edge, Galaxy Note 4 and Galaxy S5. The current Samsung flagship devices, the Galaxy S6 and Galaxy S6 Edge, are not included in the Android smartphones that will be getting the Stagefright fix, though the security update for these two devices should be coming very soon.
In the support documents released by T-Mobile regarding the updates, the carrier said that the updates include improvements to messaging security. In the support document for the Galaxy S5 update, T-Mobile specifically states that the update includes the Stagefright fix, along with the fix for an issue with Swype.
Users can download the updates over the air through a Wi-Fi connection directly into their smartphones, or choose to download and install the update using their computers through the Samsung Kies utility software.
Stagefright is a remote code execution bug that gives hackers the opportunity to take over control and gain complete access to an Android device, even without the device's owner doing anything. This is different from the usual exploits that requires targets to carry out an action such as clicking on a link or installing malicious software.
Using the exploit, hackers simply have to send an MMS to their target. The hacker can then remove all traces that the device has been attacked, leaving users with compromised devices without them knowing it.
The severity of the issue has prompted Google and Android device manufacturers to hurriedly work on and release a fix for the issue.
Sprint has already previously released an update to take Galaxy Note 4 devices under the carrier to Android 5.1.1 Lollipop, which included the fix for the Stagefright exploit. AT&T followed suit and patched up the issue for the Galaxy S6, Galaxy S6 Edge, Galaxy S6 Active, Galaxy S5, Galaxy S5 Active and Galaxy Note 4. Google has also released updates to address the Stagefright vulnerability for the Nexus 4, Nexus 5, Nexus 6, Nexus 7 (2013, Wi-Fi), Nexus 9 (both Wi-Fi and LTE) and Nexus 10.