Security flaw opens all modern Android devices to "zombie botnet" takeover [u]

18910111214»

Comments

  • Reply 261 of 275
    drblankdrblank Posts: 3,383member

    Quote:

    Originally Posted by Relic View Post



    drblank, for a person who hates Android as much as you do you sure talk about it more then anyone has so far in this thread. This thread, an Android thread, where you argue that you hate all this conversations about Android. You told me many times that I should leave, well we all know that's not going to happen as I was here first by 4 years. However, since you do not like discussing this topic why are you in here. I know, your being a troll, attacking anyone who has any positive thing to say about Android. Yes, this is a Apple eccentric site but many of us use multiple systems with our Mac products. Did you know you that you can connect your Android phone to a Mac computer, there you go, it's now Mac related. Please do us and your blood pressure a solid a please re-frame from ever posting in another thread with the word's Android again, actually any thread that doesn't have to deal directly with Apple as you seem to hate everything but. I don't like talking this way, but you have got to stop, it's just one sarcastic, down right nasty post after another. We get it already, you don't like Android, move on.


    Great. so you made your ONE Mac related comment, you can connect your Android phone to a Mac.  Are you done? 

  • Reply 262 of 275
    tallest skiltallest skil Posts: 43,399member
    macrulez wrote: »
    "No interest in Android"? LOL  Can you find any week on AI where this site's obsession with Android isn't evident in multiple headlines?

    Right, because he was talking about the site, not the...

    Oh, wait.
  • Reply 263 of 275
    droidftwdroidftw Posts: 1,009member

    Quote:

    Originally Posted by Relic View Post



    Did you know you that you can connect your Android phone to a Mac computer, there you go, it's now Mac related.


     


    Can you do more then just charge it?  I tried to connect my Android phone to a friend's Mac so I could give him pdf files of some old historical books from the 1800's but the Mac couldn't recognize my phone.  We also tried a WD external hard drive and it couldn't use that either.  I ended up burning a CD the next time I was home and giving it to him.

  • Reply 264 of 275
    drblankdrblank Posts: 3,383member

    Quote:

    Originally Posted by Tallest Skil View Post





    Right, because he was talking about the site, not the...



    Oh, wait.


    All I initially did was instill the fact that Google/Android platform has a serious problem I saw something this coming a while back and glad I'm not affected by the personal choice not to buy into Android, and then the Android users get all upset like I made a personal attack on them.  But reasoning with them is futile. they need to learn on their own and maybe when they grow up, they'll learn what I've learned over the years about the problems with an Open Architecture.



    I really, honestly think that the Google execs might have figure out a way out of this mess and they actually may have to decide to close it up and do it more like Microsoft or even Apple's method.  Why? 900 Million users and they only have 5 million buying into XDA.  I'm sure the Enterprise customers (education, military, corporate, and government) are looking at this and factor this in when they make a decision to see how Google is going to deal with it. Those are the customers that choose long term IT strategy and they don't switch platforms so quickly because it's too expensive for them to do so.  But if Google doesn't care about resolving this in a long term approach, then they might have to kiss off a lot of future stable business.

  • Reply 265 of 275
    relicrelic Posts: 4,735member
    droidftw wrote: »
    Can you do more then just charge it?  I tried to connect my Android phone to a friend's Mac so I could give him pdf files of some old historical books from the 1800's but the Mac couldn't recognize my phone.  We also tried a WD external hard drive and it couldn't use that either.  I ended up burning a CD the next time I was home and giving it to him.

    It should work out of the box, file transfer and USB tethering. Make sure the USB protocol is not on MTP and try again. There is also a handy little app http://osxdaily.com/2011/11/28/move-files-from-android-to-mac-os-x-and-vice-versa-with-android-file-transfer/
  • Reply 266 of 275
    droidftwdroidftw Posts: 1,009member

    Quote:

    Originally Posted by Relic View Post





    It should work out of the box, file transfer and USB tethering. Make sure the USB protocol is not on MTP and try again. There is also a handy little app http://osxdaily.com/2011/11/28/move-files-from-android-to-mac-os-x-and-vice-versa-with-android-file-transfer/


     


    Thanks for the link.  I was surprised that neither worked out of the box and he wasn't sure what to do to get it working either.  I made a bookmark to http://www.android.com/filetransfer/ on my phone for the future.  That may come in handy!  image

  • Reply 267 of 275


    Every conspiracy nut/open source hippie advocate claims that BECAUSE ANDROID IS OPEN IT IS INVULNERABLE UNLIKE WINDOWS/MAC etc. etc.


     


    Yet here we are with a master backdoor key that has rendered 99% of the user base vulnerable to attack.


     


    Slow, and very sarcastic, clap.


     


  • Reply 268 of 275

    Quote:

    Originally Posted by Smallwheels View Post



    It's a great time for Firefox OS to debut. Ubuntu for phones and tablets is near too.



    This malicious code must be from the NSA. Who else would create such an application?


    Anyone who wants money.


    Even just visiting your bank and typing in your account number to log in via the web browser would be stored on the device, either via a cookie or local storage. Even if you tell the browser not to remember that info, they could still sit and wait in the background and wait for you to log in and key log the entire process.


     


    This is, obviously, the worst case scenario.

  • Reply 269 of 275
    customtbcustomtb Posts: 336member
    droidftw wrote: »
    According to koop it's already been addressed.  I hope they do something at the OS level for those that they can in additional to the Play Store fix.

    Even if its been "addressed", the chances of a fix making it to any given affected device is slim at best. Instead it will just be incorporated into new handsets as seems to be the carriers
    Modus operandi. ( or will it? As many of the phones are sold with older os version?)
  • Reply 270 of 275
    customtbcustomtb Posts: 336member
    Wouldn't a free, shared, communal, OS like android, where everybody gets everything, but its all substandard be a better example of communism than an iOS that represents people choosing to spend their hard earned money for a premium product because of its benefits that include aesthetics, ease of use, product support, a complete ecosystem, etc .
  • Reply 271 of 275
    technarchytechnarchy Posts: 296member
    customtb wrote: »
    Even if its been "addressed", the chances of a fix making it to any given affected device is slim at best. Instead it will just be incorporated into new handsets as seems to be the carriers
    Modus operandi. ( or will it? As many of the phones are sold with older os version?)

    No way in hell this had been addressed. That is android shillboy spin at best. This security hole goes back to every android handset sold since android 1.6 which was released in 2009.

    Google loves to state they have one trillion activations a day. Well one can extrapolate from that claim the sheer size of this issue affecting hundreds of millions of devices.

    So someone is claiming google has "addressed" the issue and pushed out a huge update that touches the very core of the way android works, and did an over the air update that fixed every android device sold since 2009.

    Two words: My Ass

    This is a security issue of epic proportions, despite the android spin machine trying to sweep it under the rug and wish it away.
  • Reply 272 of 275
    drblankdrblank Posts: 3,383member

    Quote:

    Originally Posted by Technarchy View Post





    No way in hell this had been addressed. That is android shillboy spin at best. This security hole goes back to every android handset sold since android 1.6 which was released in 2009.



    Google loves to state they have one trillion activations a day. Well one can extrapolate from that claim the sheer size of this issue affecting hundreds of millions of devices.



    So someone is claiming google has "addressed" the issue and pushed out a huge update that touches the very core of the way android works, and did an over the air update that fixed every android device sold since 2009.



    Two words: My Ass



    This is a security issue of epic proportions, despite the android spin machine trying to sweep it under the rug and wish it away.


    They can wish it away all they want to but the major companies/orgs that buy tons of product, SECURITY is a MAJOR consideration if not one of the top 1 or 2 on the list of things they want from a smartphone or tablet platform.  I think the more astute and security conscious customers might just kiss off Android and go elsewhere.  They also look at support, updating policies, financial stability of the company behind the platform, apps available, administration tools, reliability.  Price is not always high up on the list since TCO is actually more important.  Most consumers haven't a clue as to what TCO is, how to do the calculations.  I used to work for a software company that sold expensive enterprise software and they had developed a TCO calculators and i showed it to a large high profile customers and they asked for a copy of the spreadsheet calculations, we we normally didn't hand out.  They said that it was the most comprehensive they ever seen from any vendor (Including all of the big companies and consulting firms). I was given permission to give them a copy to their project managers.  I wish I had a copy of it.  Big IT shops look or should consider running the TCO numbers if they have the resources to do so.  Apple usually has very low TCO numbers from what I remember back in the days when I was selling desktops.  I'm sure things haven't changed much.


     


    The people that are more concerned with TCO aren't usually tech geeks as they usually don't have a business/financial background, the people that are more conscious about that are usually more business/financial minded managers. 


     


     


     I forgot to add, Samsung has that SAFE promotion which does sandboxing, etc., but since THEY don't update the original source code, they have to rely on Google to do it, and then they have to go through their little 6 month (average) process of modifying it, testing it, and then getting the cell carriers to bless it before it's released, so that's additional time just to address a bug/security issue.  Apple just releases beta developer versions until they feel comfortable with the update and then blamo, the customer doesn't have to wait another 6 months. It's where the original source code is.  I think with proper analysis, Samsung would fail in terms of security and updating process compared to others (Apple would probably be amongst the top of the list).


     


    It would be interesting to see what the eval process is that's performed by various organizations prior to choosing a platform. I have seen my share when deal with customers on platform. Some are anal about things and some aren't.  Every organization has their own hot buttons and considerations.




    Look at the ones that utilize things like 6 sigma (which i do have some training in) or something similar in their management practice.  They analyze things to death because they want ZERO defects or 1 in a million errors in business processes.


     


     


    OH, and why did Cisco dump their own Android tablet in favor of buying and allowing employees to bring in their own iPads and Apple laptops?  Cisco isn't a fly by night company.  They like Open Standards.


     


    Remember, I have had connections over the years and know what and why some companies are doing what they are doing.

  • Reply 273 of 275
    droidftwdroidftw Posts: 1,009member

    Quote:

    Originally Posted by Technarchy View Post





    No way in hell this had been addressed. That is android shillboy spin at best. This security hole goes back to every android handset sold since android 1.6 which was released in 2009.



    Google loves to state they have one trillion activations a day. Well one can extrapolate from that claim the sheer size of this issue affecting hundreds of millions of devices.



    So someone is claiming google has "addressed" the issue and pushed out a huge update that touches the very core of the way android works, and did an over the air update that fixed every android device sold since 2009.



    Two words: My Ass



    This is a security issue of epic proportions, despite the android spin machine trying to sweep it under the rug and wish it away.


     


    As the article mentions, this exploit is actively searched for and not allowed into the Play Store.  If you don't want to believe the article then go to the search engine of your choice and search "Google Bouncer" and you'll find more information.

  • Reply 274 of 275
    technarchytechnarchy Posts: 296member

    Quote:

    Originally Posted by DroidFTW View Post


     


    As the article mentions, this exploit is actively searched for and not allowed into the Play Store.  If you don't want to believe the article then go to the search engine of your choice and search "Google Bouncer" and you'll find more information.



     


    It's intellectually dishonest on numerous levels to classify this as solution.


     


    Doubly so when everyone knows Google Play is the Detroit of mobile app stores.


     


    Google's app governance and integrity is non-existant. 


     


    Example: I didn't know Infinity Blade 2 was on android: https://play.google.com/store/apps/details?id=com.nicegame.goodstart.jqxq.srbuy.rgdtxm&feature=search_result#?t=W251bGwsMSwxLDEsImNvbS5uaWNlZ2FtZS5nb29kc3RhcnQuanF4cS5zcmJ1eS5yZ2R0eG0iXQ.


     


    This shouldn't even be allowed. Google Bouncer does a bang up job of protecting android users image


     


    Furthermore this is not a solution, because the exploit still exists. It's like saying adding more police is a solution for curing cancer.

  • Reply 275 of 275
    droidftwdroidftw Posts: 1,009member


    Despite your personal opinions, it's a perfectly logical step for Google to take.  They likely can't force a software fix out to all Android phones to patch this as quickly as they can monitor their app store for the exploit.  It's the best and most logical first step.

Sign In or Register to comment.