Security flaw opens all modern Android devices to "zombie botnet" takeover [u]

1679111214

Comments

  • Reply 161 of 275
    drblankdrblank Posts: 3,383member

    Quote:

    Originally Posted by DroidFTW View Post


    Calm down there, buddy.  They're just phones.


     


     


     


    No.  image



    You sound like a 12 year old Justin Beiber fan that won't listen to logic and sound reasoning.  Like you said, they are just a phone, so why do you have to waste so much spare time learning and rooting your phone?  That's a hobby DroidFTW, unless you get paid to do it on a professional level.  Enjoy your hobby that doesn't have a lot of cool apps and third party hardware to enjoy your product doing other things that might be more satisfying.

  • Reply 162 of 275
    relicrelic Posts: 4,735member

    Quote:

    Originally Posted by DroidFTW View Post


    Calm down there, buddy.  They're just phones.


     


     


     


    No.  image



    Do not interact with this person, please for your own sanity.

  • Reply 163 of 275
    drblankdrblank Posts: 3,383member

    Quote:

    Originally Posted by Relic View Post


     


     


    Mr. drblank, what you've just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone in this room is now dumber for having listened to it. I award you no points, and may God have mercy on your soul.



    Relic,


     


    You are truly an idiot.  Go to an Android site and bother them.  

  • Reply 164 of 275
    relicrelic Posts: 4,735member

    Quote:

    Originally Posted by drblank View Post


    Relic,


     


    You are truly an idiot.  Go to an Android site and bother them.  



    image

  • Reply 165 of 275
    d4njvrzfd4njvrzf Posts: 797member

    Quote:

    Originally Posted by drblank View Post


    You said "Both Android and iOS are based on Unix"  I don't know how you can say that no on in this thread stated that Android is Unix.


     


    I think you are just trying to justify your pathetic hobby phone which is based on the Android OS.  That's all you are REALLY saying.


     


    As Jerry Seinfeld says "Yikes, Good luck with ALL THAT."


     




     


     


    It depends on what the meaning of the phrase "based on" is. If he meant "based on" in terms of functionality, such as the process and security models, system interfaces, etc, then both iOS and android would be "based on" unix. If "based on" means containing actual implementations from BSD, then of course only iOS would qualify. Finally, if "based on" means being officially registered under the single unix specification, then the term would apply to neither OS.  

  • Reply 166 of 275
    relicrelic Posts: 4,735member

    Quote:

    Originally Posted by d4NjvRzf View Post


     


     


    It depends on what the meaning of the phrase "based on" is. If he meant "based on" in terms of functionality, such as the process and security models, system interfaces, etc, then both iOS and android would be "based on" unix. If "based on" means containing actual implementations from BSD, then of course only iOS would qualify. Finally, if "based on" means being officially registered under the single unix specification, then the term would apply to neither OS.  



    Wow, that was a mouthful,"The Open Group" is the owner of the trademark UNIX. AIX, Solaris, SCO, HP/UX Tru64, z/OS, IRIX, NEC UX, Reliant Unix and OSX are the only compliant OS's that are truly allowed to be called UNIX. The rest are UNIX like, this even goes for iOS.

  • Reply 167 of 275
    drblankdrblank Posts: 3,383member

    Quote:

    Originally Posted by d4NjvRzf View Post


     


     


    It depends on what the meaning of the phrase "based on" is. If he meant "based on" in terms of functionality, such as the process and security models, system interfaces, etc, then both iOS and android would be "based on" unix. If "based on" means containing actual implementations from BSD, then of course only iOS would qualify. Finally, if "based on" means being officially registered under the single unix specification, then the term would apply to neither OS.  



     


     


    One is Unix and one is Linux. Linux is Unix LIKE, but it isn't Unix, it can't be referred to as Unix and anyone that says otherwise is kind of ignorant.


     


     


    the core set of components of iOS is based on Darwin, which is a form of Unix.  Darwin is a POSIX compliant OS which was derived from NeXTSTEP, BSD and other free software projects.   Darwin is based on XNU.

     

  • Reply 168 of 275
    jragostajragosta Posts: 10,473member
    negafox wrote: »
    iOS had some critical vulnerabilities that got a free pass in the tech press. How about the exploits that allowed JailbreakMe to be possible merely by visiting a web page in Safari? Fortunately, those exploits were only used to jailbreak at the time, but the ramifications could have been horrendous if a malicious developer decided to create a page to install malware or even brick a phone.

    The difference, of course, is that most iPhones can be patched. Most Android phones can not. So when there's a vulnerability affecting iOS, most users have access to the fix. Most Android users are stuck with their vulnerable phone.
    walkop wrote: »
    It has already been effectively patched.

    No, it hasn't. "Effectively patched" would mean a patch that's available to most people. The vast majority of current Android phones will never have a patch available.
  • Reply 169 of 275
    nikon133nikon133 Posts: 2,600member
    <span style="color:rgb(38,48,52);font-family:Arial, sans-serif;font-size:14px;line-height:20px;">Don't hold your breath.   </span>


    From arstechnica:
    "<span style="color:rgb(38,48,52);font-family:Arial, sans-serif;font-size:14px;line-height:20px;">"I imagine that Google would move quickly to add some logic to look for such attacks," </span>
    <a href="http://www.cs.rice.edu/~dwallach/" style="color:rgb(105,159,179);font-family:Arial, sans-serif;font-size:14px;line-height:20px;" target="_blank">Dan Wallach</a>
    <span style="color:rgb(38,48,52);font-family:Arial, sans-serif;font-size:14px;line-height:20px;">, a professor specializing in Android security in the computer science department of Rice University, told Ars. "Without that available to an attacker, this is likely to only be relevant for Android users who use third-party app stores (which have lots of other problems). This bug could also be valuable for users trying to 'root' their phones."</span>


    <span style="color:rgb(38,48,52);font-family:Arial, sans-serif;font-size:14px;line-height:20px;">The question you should be pondering is why you even care so much about how well or poorly Android does?   As former iPhone owner, current iPad owner, and soon-to-be Macbook owner, I surf the Apple sites to get information on gear I'm interested in.  But what I'm noticing is that there is a surprising number of people on this site who are obsessed with hating Android.  Why?</span>


    <span style="color:rgb(38,48,52);font-family:Arial, sans-serif;font-size:14px;line-height:20px;">I buy whatever suits my needs.  I have use and own multiple operating systems: Windows, Linux, Android, iOS...and later today, OS X.  They all have their pros and cons.  I bought my Mom an iPad because I wanted something simple for her, where I didn't have to worry about what she downloads and installs.  I switched to Android because I wanted features that iOS and Apple can't or won't provide.   No big deal.  I still enjoy my iPad but now I have the additional capability I wanted via my Android phone.  I'll continue to use Windows and Linux even while adding an OS X device to my collection.  What I won't be doing is hoping for a vulnerability to be discovered in any of them.</span>

    You are rarely reasonable person around here.
  • Reply 170 of 275
    drblankdrblank Posts: 3,383member

    Quote:

    Originally Posted by jragosta View Post





    The difference, of course, is that most iPhones can be patched. Most Android phones can not. So when there's a vulnerability affecting iOS, most users have access to the fix. Most Android users are stuck with their vulnerable phone.

    No, it hasn't. "Effectively patched" would mean a patch that's available to most people. The vast majority of current Android phones will never have a patch available.


    "effectively patched" would indicate the patch actually works.  

  • Reply 171 of 275
    drblankdrblank Posts: 3,383member

    Quote:

    Originally Posted by crapplingpain View Post


     


    Don't hold your breath.   


     


    From arstechnica:


    ""I imagine that Google would move quickly to add some logic to look for such attacks," Dan Wallach, a professor specializing in Android security in the computer science department of Rice University, told Ars. "Without that available to an attacker, this is likely to only be relevant for Android users who use third-party app stores (which have lots of other problems). This bug could also be valuable for users trying to 'root' their phones."


     


    The question you should be pondering is why you even care so much about how well or poorly Android does?   As former iPhone owner, current iPad owner, and soon-to-be Macbook owner, I surf the Apple sites to get information on gear I'm interested in.  But what I'm noticing is that there is a surprising number of people on this site who are obsessed with hating Android.  Why?


     


    I buy whatever suits my needs.  I have use and own multiple operating systems: Windows, Linux, Android, iOS...and later today, OS X.  They all have their pros and cons.  I bought my Mom an iPad because I wanted something simple for her, where I didn't have to worry about what she downloads and installs.  I switched to Android because I wanted features that iOS and Apple can't or won't provide.   No big deal.  I still enjoy my iPad but now I have the additional capability I wanted via my Android phone.  I'll continue to use Windows and Linux even while adding an OS X device to my collection.  What I won't be doing is hoping for a vulnerability to be discovered in any of them.



    You are asking why people on an Apple centric site hate Android?  For the similar/opposite reasons why Android users on an Android centric site hate Apple. or a Windows user on a Windows centric site hates Apple.  etc.


     


     


    What features on Android will Apple NOT provide in the future that you need?  I'm curious as to what your reasons are.

  • Reply 172 of 275
    drblankdrblank Posts: 3,383member


    For those that are in support of XDA.  There are only a little over 5 Million registered users.  That's what percentage of the entire smartphone/tablet using market?   TEENY TINY, INSIGNIFICANT. and the mfg do NOT recommend ROOTING, JAILBREAKING, etc. 

  • Reply 173 of 275
    drblankdrblank Posts: 3,383member


    For those that think that Rooting or Jailbreaking your smartphone is going to solve all of your problems.  Think about this little scenario.


     


    If you have a ton of personal problems and someone tells you to jump off a bridge to solve your problems and others have done it, would you jump off a bridge when there are others that advise against it?   For some people, it might be their only way of dealing with their issues and it might be better for everyone if they did jump off the bridge, but for others, some may not want them to do it.  So what do you do?


     


    Same thing applies to rooting or jailbreaking a smartphone metaphorically speaking.  Will it solve all of your problems?  NO.  Is it advised from the mfg of the products you bought?  NO.  Then why do it?   Only a VERY small percentage of the smartphone using population actually does it.  And for those that use Android, maybe jumping off a bridge might be the only solution.      LMAO........  /s

  • Reply 174 of 275
    d4njvrzfd4njvrzf Posts: 797member

    Quote:

    Originally Posted by MacRulez View Post


    Sounds a lot like OS X, where for now users are still free to sideload from outside of Apple's store. 


     


    But even then, OS X doesn't provide the access requirements for apps that Android does, so from the arguments presented here it would seem that OS X is less secure.



     


    That raises the question of why side-loading has a worse reputation on android than on OS X. Here's my guess.


     


    People on OS X tend to sideload from a limited collection of well-established third-party programs from reputable firms. Most mac users I've seen use some subset of software from Adobe, Google, Mathworks, Microsoft, etc, and they won't get malware from those channels.


     


    By contrast, the mobile app landscape is much less well-defined. Everyone is pushing out their own coffee apps, weather apps, coupon apps, and fart apps, so black hats have a much bigger crowd to blend in with. To make matters worse, mobile apps are often single-function and targeted toward a very specific audience (such as people looking for coffee in San Francisco). Thus, people install more apps from obscure publishers on smartphones, and the apps they sideload are more likely to contain malware.


     


    So, although the act of sideloading on android might be safer than on OS X, android users probably tend to sideload shadier apps.

  • Reply 175 of 275
    drblankdrblank Posts: 3,383member


    I think based on observing the Android platform for several years that Google, nor their OEM mfg, nor their customers, nor some of the software developers are actually utilizing what the industry calls BEST PRACTICES.   It's what is lacking the entire Android platform.  Oh well, glad it's not MY problem.

  • Reply 176 of 275
    drblankdrblank Posts: 3,383member

    Quote:

    Originally Posted by d4NjvRzf View Post


     


    That raises the question of why side-loading has a worse reputation on android than on OS X. Here's my guess.


     


    People on OS X tend to sideload from a limited collection of well-established third-party programs from reputable firms. Most mac users I've seen use some subset of software from Adobe, Google, Mathworks, Microsoft, etc, and they won't get malware from those channels.


     


    By contrast, the mobile app landscape is much less well-defined. Everyone is pushing out their own coffee apps, weather apps, coupon apps, and fart apps, so black hats have a much bigger crowd to blend in with. To make matters worse, mobile apps are often single-function and targeted toward a very specific audience (such as people looking for coffee in San Francisco). Thus, people install more apps from obscure publishers on smartphones, and the apps they sideload are more likely to contain malware.


     


    So, although the act of sideloading on android might be safer than on OS X, android users probably tend to sideload shadier apps.



    Best practices would suggest that if you are going to install an application on a computer, smartphone, and tablet, that you go to the most reliable source and method for installing the application.  That means, getting either the app from a reputable download site, which in Apple's case is Apple directly, or by obtaining the CD/DVD when applicable.  Installing an application from a MicroSD card is NOT generally thought of how to install an application on ANY platform since applications are not generally distributed in that manner.  Can one do it?  I guess they could, but where are they getting the application on the MicroSD card in the first place?  From someone else?  If so, that's not a reliable source for the application.


     


    MicroSD cards are generally thought of as a way to transfer data from one device to another when it is convenient to do so. It could be photos (digital cameras is where MicroSD cards became popular), maybe some movies, music and maybe some data files.  That's what MicroSD cards are GENERALLY used for.


     


    Should one get an application or an OS from somewhere like some hacker site? NO. I wouldn't suggest doing that. It may not be a legal copy, it might have some code that might cause some problems down the road since a hacker related site is NOT a reliable source for anything.


     


    OS X users don't generally sideload apps or an updated version of an OS.  I don't know why you even brought it up in the first place.  OS X is a desktop/laptop OS, Android is for smartphones and tablets which are different.


     


    I think you are overusing the term "side loading".  Sideloading doesn't apply to OS X, it applies to mobile devices like smartphones and tablets.

  • Reply 177 of 275
    d4njvrzfd4njvrzf Posts: 797member

    Quote:

    Originally Posted by drblank View Post


    Best practices would suggest that if you are going to install an application on a computer, smartphone, and tablet, that you go to the most reliable source and method for installing the application.  That means, getting either the app from a reputable download site, which in Apple's case is Apple directly, or by obtaining the CD/DVD when applicable.  Installing an application from a MicroSD card is NOT generally thought of how to install an application on ANY platform since applications are not generally distributed in that manner.  Can one do it?  I guess they could, but where are they getting the application on the MicroSD card in the first place?  From someone else?  If so, that's not a reliable source for the application.


     


    MicroSD cards are generally thought of as a way to transfer data from one device to another when it is convenient to do so. It could be photos (digital cameras is where MicroSD cards became popular), maybe some movies, music and maybe some data files.  That's what MicroSD cards are GENERALLY used for.


     


    Should one get an application or an OS from somewhere like some hacker site? NO. I wouldn't suggest doing that. It may not be a legal copy, it might have some code that might cause some problems down the road since a hacker related site is NOT a reliable source for anything.


     


    OS X users don't generally sideload apps or an updated version of an OS.  I don't know why you even brought it up in the first place.  OS X is a desktop/laptop OS, Android is for smartphones and tablets which are different.


     


    I think you are overusing the term "side loading".  Sideloading doesn't apply to OS X, it applies to mobile devices like smartphones and tablets.



    By "side loading" I meant installing software from outside an official repository such as App Store, Google Play, or Windows Store. It's how I've seen the term used, but maybe you could suggest a more accurate alternative. I was responding to a previous remark about the security implications of OS X allowing "sideloading". My point was that although both OS X and android users can install software from anywhere they want, OS X users typically get their software from sources with better-established histories. 

  • Reply 178 of 275
    drblankdrblank Posts: 3,383member

    Quote:

    Originally Posted by d4NjvRzf View Post


    By "side loading" I meant installing software from outside an official repository such as App Store, Google Play, or Windows Store. It's how I've seen the term used, but maybe you could suggest a more accurate alternative. I was responding to that guy's remark about OS X allowing "sideloading". My point was that although both OS X and android users can install software from anywhere they want, OS X users typically get their software from sources with better-established histories. 



    Side loading is supposed to apply to mobile devices like smartphones and tablets.  My understanding of the term is as follows:  The process of tranferring data between two local devices.  Between a mobile device (smartphone/tablet, etc.) to a computer.  SIdeloading can also mean installing an application package onto an Android device that was not downloaded directly from Google Play.   One can do USB side loading, BlueTooth Sideloading, Memory Card side loading.


     




    Yeah, one can side load to a desktop regardless of which OS you are using on the desktop.


     


    Personally I don't use the term side loading.  It's a term that I just don't use. I prefer to use a term more specific to the task that is being discussed.


     


    One can get applications for OS X and iOS from other sources other than Apple's App Store.  But it is probably the most preferred mainly because of its ease of use, Apple screens the Apps to prevent malware infested crap, and it's just easier to keep track and update.  One can get apps from Amazon, many times directly from the software developer, CNET (Version Tracker), and probably other sources as well.  Same goes with iOS, Android, Windows, etc.  some ways are just easier to deal with, more reliable in being malware free, etc.

  • Reply 179 of 275
    relicrelic Posts: 4,735member

    Quote:


    Originally Posted by drblank View Post


     


    What features on Android will Apple NOT provide in the future that you need?  I'm curious as to what your reasons are.



     


    File-manager, able to connect to a server via VPN with said filemanager, Samba, sideloading of apps, SD Card, multiuser support, able to run "all" apps in the background, free development costs, cross app functionality, keyboard replacement (writing for instance), wacom pen active digitizer, widgets, custom home screens, be able to mount the phone on any computer and see the entire drive without the use of a MP3 player, access to the shell for Python, Perl, change default browser, removable battery, complete control.


     


    I no longer have an Android phone as my work switched to BlackBerry's, the Z10 and Q10. Personal phones are a Nokia Pureview 808 and a soon to be shipped JollyOS Phone. I still have a Motorola Xoom II that I use as a hobby machine and for maintaining my servers, aforementioned file-manager and shell scripts.

  • Reply 180 of 275
    relicrelic Posts: 4,735member

    Quote:

    Originally Posted by d4NjvRzf View Post


    My point was that although both OS X and android users can install software from anywhere they want, OS X users typically get their software from sources with better-established histories. 



     


    Funny you mentioned that as the most downloaded applications on PirateBay are for OSX, Photoshop being one of the top, I kind of get why Adobe went to an online subscription. Well, I guess you can say that PirateBay has an established history, ;). Buying a Mac doesn't automatically make you moral, in fact OSX and Linux is a favorite with virus and malware writers, the whole you can't infect yourself with your own work shtick. My first virus was written on a Mac PowerPC 6100 with a Intel 486 card in it, nothing to devious, it popped up a cartoon of a stick figure dancing in Win 95, when you clicked on it, it multiplied by two.


     


Sign In or Register to comment.