LinkedIn Facebook Twitter
July 31, 2015

July 2015 Newsletter

Table of Contents

  1. Major Vulnerability Uncovered in Android OS
  2. Hodgson to Attend HighEdWeb Annual Conference in Milwaukee

Major Vulnerability Uncovered in Android OS

By Brendan Magee
Just my luck! That’s what I was thinking when I turned on NPR Monday morning and heard a story about a significant vulnerability in Google’s Android operating system. Only a week before, I had been celebrating the virtues of my gigantic, phablet-sized Nexus 6 and exploring the nooks and crannies of Android Lollipop. I was excited to see how Google’s OS stacked up against iOS 8, as I had just signed up for Project Fi, Google’s new wireless service (only available on Nexus 6 at present).

Everything was peachy until I heard about this security risk, which got me worrying that maybe I had been a bit hasty to abandon my iPhone. Stagefright—the Android flaw in question—is pretty insidious, as it doesn’t even require an incautious action on the part of the user; all the “bad guys” would need is your phone number. A hacker would send you a short video with malicious code embedded in it, and simply receiving the message would trigger the vulnerability.

Apparently, it’s even more dangerous if you use the Hangouts app as your regular messaging app, because that app preloads multimedia content. Zimperium, the security company that discovered the vulnerability, has provided guidance on their website describing how to protect yourself against Stagefright. If you have an Android phone, it’s well worth it to check out the blog post.

This problem has brought to light one of the fundamental differences between how Google and Apple have approached smartphones: Apple’s closed system (in which they control both the software and the devices that run the software) means that they can immediately push security updates out to iOS users when patches are available. Not so with Android.

Google develops the operating system itself, but all of the device manufacturers (e.g., Samsung and LG) and carriers (Verizon, Sprint, et al.) are free to tinker with Android as they please. This means that whenever Google releases an update to Android, the carriers have to make their own updates before end users can receive the latest version. Another problem, as NPR’s Aarti Shahani reports, is that there is little financial incentive for manufacturers and carriers to keep the phone software up to date (better to get users to purchase new phones and sign new contracts than to keep old phones in shipshape).

I myself was at least somewhat aware of this landscape when I signed up for Project Fi. My concerns were allayed by the fact that I was going to be using Google’s flagship mobile phone, the Nexus, and Google themselves were to become my wireless carrier. That seems as close to an Apple-style system as I’ll be able to find in the Android world, and it comes with the added benefit of a genuinely fair pricing structure.

I’m quite happy with the new phone and plan thus far, but this Stagefright vulnerability has reminded me that complacency on security issues is never a good idea. When in doubt, update your OS and apps to the latest versions—I’m certainly going to. After all, I don’t want some stranger having access to the vast archive of fun selfies on my phone. Those are for vanity purposes only, and not for public consumption!
 

Hodgson to Attend HighEdWeb Annual Conference in Milwaukee

By Karen Rosen
Hodgson will be attending the HighEdWeb Annual Conference in Milwaukee, WI from October 4th through October 7th. This will be our first time at this particular conference, which is run by the Higher Education Web Professionals Association. We're really excited about the program of events, because it includes dozens of great sessions like these:
 
  • Your Website Is a Window, Not a Billboard
  • How to Use Data to Drive Content
  • Searching for Direction: Using a Search-Based Homepage to Direct Users
  • Secret Agent Man: How to Work with an Outside Partner
If you check out the full listing of events and speakers on the HighEdWeb website, you'll notice that each item in the calendar includes a description of what to expect during the associated session. While you're reviewing those listings, I would also direct your attention to the speaker for the general session on October 5th: it's none other than Bill Nye the Science Guy!

We'll provide more details about the conference in the coming weeks, but in the meantime, be sure to mark your calendars.

About HighEdWeb

The HighEdWeb Annual Conference is the conference created by and for higher education web professionals. This not-for-profit conference offers high-quality presentations, speakers and events at affordable rates. From Web developers, marketers and programmers to managers, designers, writers and all team members in-between, HighEdWeb provides valuable professional development experience for all those who want to explore the unique Web issues facing colleges and universities.