'Stagefright' vulnerability compromises Android phones with 1 text message, may affect 950M devices

245678

Comments

  • Reply 21 of 157
    solipsismysolipsismy Posts: 5,099member
    sog35 wrote: »
    WRONG.  They only do it for a guaranteed 18 months after purchase or 3 years after the device release date.  After that good luck.

    And Nexus only makes up 1% of total Android unit sales.

    1) The number of devices doesn't seem relevant to his point.

    2) 3 years is on par with Apple's release cycle (up until this last WWDC where iOS 9 will be supported by all the devices that supported iOS 8) so that holds his point.

    3) Even if we were to analyze the time frames to find that Apple supports their devices longer, it's a moot point since his "the way Apple does" comment is clearly referencing the OS maker to customer device update path, without the carrier's involvement, not the length of time in which new updates are being pushed to a device.
  • Reply 22 of 157
    rwesrwes Posts: 200member
    Quote:
    Originally Posted by sog35 View Post

     

    ABC news solution to stagefright

     

    Android Stagefright Hack: How to Make Sure You're Protected

     

    "Android users by default should have antivirus running on their mobile devices," he added. "Unfortunately antivirus is a download that requires their attention."

     

     

    http://abcnews.go.com/Technology/android-stagefright-hack-make-protected/story?id=32738151

     

     

    LOLLLLLOOLLLOLLLOLLLLOL!

     

    So now you need antivirus software on your Android phone


     

    This is what is so annoying dealing with a lot of Android users sometimes (family/friends included). They don't acknowledge the fact that they (even remotely, savvy users) are but a small fraction of users in the Android universe. And that the Android flexibility/openness they love so much can be a headache for everyone else.

     

    If I had my parents on Android devices for example, or just even thinking about the friends who use Android devices (and make uninformed comments about things), they would have absolutely no idea. (Edit: I'm not saying Apple / iOS users don't make uninformed comments! by any means)

     

    No one is going to protect the 'regular' Android users and that's just unfortunate. Google will/does try, but is hamstrung. And then you have companies making money off users by selling them antivirus (for their mobile) which is even sadder, because for a lot of people, they buy ~Android~ because it is cheaper (*** a lot ***, not all).

     

    But the people, again, savvy enough to be running CM and other Mods are and will be fine. It's the rest of the people on the platform though, who are in an unfortunate situation.

  • Reply 23 of 157
    solipsismysolipsismy Posts: 5,099member
    sog35 wrote: »
    WTF are you talking about.

    99.9% of Android devices don't get guaranteed updates.  

    OH I get it now!

    When its something good Google takes credit for Android devices.
    1 billion Android devices were sold last year!  We did it! we are awesome.

    When its something bad Google takes no blame for Android devices.
    Oh those 1 billion non Nexus Android devices are not our responsibility.

    Did you read what was written or are just trolling the forum because it's about Android? The OP stated that no other smartphone vendor was doing pushing updates directly to devices without carrier involvements. [@]dasanman69[/@] correctly noted that Google does with their Nexus devices. He didn't claim that ALL vendors are doing so you need to slow your roll and learn to read more carefully.
  • Reply 24 of 157



    Thats not national news. Thats a google search for the subject at hand- which returns a bunch of blogs. YOU know how to search for that. I know how to search for that. But the everyday person does not take the time to do that. Let me clarify: This should be on televised news (E.g., Fox, CNN, MSNBC, even local news!)

  • Reply 25 of 157
    lkrupplkrupp Posts: 10,351member

    As has been pointed out it was Steve Jobs’ genius to negotiate total control away from the carriers. If this were an iOS issue we would get a patch in a timely manner without having to rely on our carriers.

     

    In other news you should see the dog and pony show going on over at c|net. The Android apologists are out in great force spinning this into a non issue that no one need worry about. 

  • Reply 26 of 157
    rwesrwes Posts: 200member
    Quote:

    Originally Posted by lkrupp View Post

     

    As has been pointed out it was Steve Jobs’ genius to negotiate total control away from the carriers. If this were an iOS issue we would get a patch in a timely manner without having to rely on our carriers.

     

    In other news you should see the dog and pony show going on over at c|net. The Android apologists are out in great force spinning this into a non issue that no one need worry about. 


     

    Meanwhile, in reality, anyone that's a target of any sort of identity theft, or that maybe in some privileged position at some company/business should (and probably may have already) disabled automatic loading of MMS messages (or have security software on their device to limit the damage).

     

    And even then, for the sake of profit alone, randsomeware for peoples phones; imagine that. The argument there of course will be, which is true, that you (they) should have had a backup (from which they may restore and probably still be vulnerable).

  • Reply 27 of 157
    afrodriafrodri Posts: 190member
    Quote:

    Originally Posted by Prince Brian View Post

     



    Thats not national news. Thats a google search for the subject at hand- which returns a bunch of blogs. YOU know how to search for that. I know how to search for that. But the everyday person does not take the time to do that. Let me clarify: This should be on televised news (E.g., Fox, CNN, MSNBC, even local news!)


     

    I'm not sure how much has been televised, but it is more than blogs reporting it. A number of national and international news sources have covered / are covering it:

    http://money.cnn.com/2015/07/27/technology/android-text-hack/

    http://www.nbcnews.com/tech/security/android-flaw-could-let-hackers-take-over-phone-text-n399016

    http://abcnews.go.com/Technology/android-stagefright-hack-make-protected/story?id=32738151

    http://www.bbc.com/news/technology-33689399

     

    It looks like at least CNN has broadcast it, probably others.

     

    So far, this exploit hasn't been reported 'in the wild', so it hasn't made its way from the 'Technology' section to the front page.

  • Reply 28 of 157
    gatorguygatorguy Posts: 23,522member
    sog35 wrote: »
    PAGING GATORGUY
    PAGING GATORGUY
    PAGING GATORGUY

    even our resident Google lover is ashamed to post in this topic.
    Heck you're a day late. I posted about it yesterday, more than 30 hours ago.
    http://forums.appleinsider.com/t/185846/roommates-stab-each-other-with-beer-bottles-in-iphone-vs-android-dispute/80#post_2753031

    In the meantime I just turned off "auto-retrieve" in my messaging app. That takes care of it for now.
  • Reply 29 of 157
    anantksundaramanantksundaram Posts: 20,368member
    lkrupp wrote: »
    As has been pointed out it was Steve Jobs’ genius to negotiate total control away from the carriers. If this were an iOS issue we would get a patch in a timely manner without having to rely on our carriers.

    The real genius was to get ATT to completely fall in line, in return for which, Steve gave them the promised exclusivity (even in the face of considerable commentary that said Apple should move to other carriers quicker). Rumors then also had it that Verizon wanted carrier control, but Steve told them to take a hike.

    Once ATT was in the bag, the rest had no choice but to follow.
  • Reply 30 of 157
    dick applebaumdick applebaum Posts: 12,527member
    solipsismy wrote: »
    daven wrote: »
    To Google's credit, they applied the supplied fix quickly to their internal builds. On Android user's detriment, most will never be able to obtain the fix because of the way Google licenses Android.

    It's too bad they can't compartmentalize more of their codebase so that fixes for these severe and easily accessible* vulnerabilities can be more easily administered.

    * meaning, the attacker can easy exploit the device, typically remotely, and the extent of the exploit is to allow extensive system access.

    Mmm ...

    Maybe Google could send the fix to all Android users via MMS :D
  • Reply 31 of 157

    But Gatorguy keeps telling me that Google Play Services can send out security fixes to almost all Android devices.

     

    Add this to the growing list of vulnerabilities that are OUTSIDE the scope of what Google Play Services can fix.

  • Reply 32 of 157
    Quote:

    Originally Posted by afrodri View Post

     

     

    I'm not sure how much has been televised, but it is more than blogs reporting it. A number of national and international news sources have covered / are covering it:

    http://money.cnn.com/2015/07/27/technology/android-text-hack/

    http://www.nbcnews.com/tech/security/android-flaw-could-let-hackers-take-over-phone-text-n399016

    http://abcnews.go.com/Technology/android-stagefright-hack-make-protected/story?id=32738151

    http://www.bbc.com/news/technology-33689399

     

    It looks like at least CNN has broadcast it, probably others.

     

    So far, this exploit hasn't been reported 'in the wild', so it hasn't made its way from the 'Technology' section to the front page.




    Well that is one rebuttal that I would gladly conceded to! LOL! 

  • Reply 33 of 157
    dick applebaumdick applebaum Posts: 12,527member
    A newly discovered security issue in the Android mobile operating system dubbed "Stagefright" has been called one of the worst vulnerabilities to date, and could present a critical issue for some 95 percent of devices in users' hands.

     
    13715-8739-stagefright_v2_breakdown-e1438001259526-1024x266-l.jpg

    Where do these logos / branding images come from? These underground hackers have great PR departments.


    1000
  • Reply 34 of 157
    rwesrwes Posts: 200member
    Quote:
    Originally Posted by Dick Applebaum View Post





    Mmm ...



    Maybe Google could send the fix to all Android users via MMS image

     

    Actually, all jokes aside, depending on how much access the exploit allows, shouldn't that be possible? Because they could bypass the carriers that way.

     

    They would only need the phone number of all devices which have MMS enabled or Hangouts access. "Additional/Carrier charges may apply"

     

    Possible; not easy, or likely...

  • Reply 35 of 157
    sog35 wrote: »
    ABC news solution to stagefright

    <h1 style="color:rgb(51,51,51);margin-bottom:0px;margin-top:0px;padding-bottom:0px;">Android Stagefright Hack: How to Make Sure You're Protected</h1>


    "Android users by default should have antivirus running on their <a href="http://abcnews.go.com/topics/business/technology/mobile-devices.htm" style="color:rgb(46,83,143);margin:0px;padding:0px;" target="_blank">mobile devices</a>
    ," he added. "Unfortunately antivirus is a download that requires their attention."


    http://abcnews.go.com/Technology/android-stagefright-hack-make-protected/story?id=32738151


    LOLLLLLOOLLLOLLLOLLLLOL!

    So now you need antivirus software on your Android phone

    And we all know how antivirus software bogs down computers... the normal hesitation of Android devices will be like trying to watch a movie by holding the film up to a light bulb, "Crap is as crap does...."
  • Reply 36 of 157
    formosaformosa Posts: 261member
    Quote:
    Originally Posted by SolipsismY View Post





    Why are other smartphone vendors so dependent on the carriers that updates have to go through them? Is getting paid by the carriers to allow them to push crapware on the devices the only way they can make money on the devices? Is there another reason?



    In the 90's, the carriers had to fully test the vendors' devices to make sure the phones didn't screw up their networks (latency issues, proper handoffs, etc.). They also asked for software features to differentiate themselves from other carriers' similar phone releases. Both could take months. Remember, this was the dumbphone days (with embedded processor code), and the very early days of digital protocols (GSM & CDMA).

     

    Now, I guess that the GSM/EDGE/LTE software stacks are sufficiently mature that the carriers don't need to fully test as much.

     

    Yes, Jobs gave AT&T an exclusive, but technically, how did he convince AT&T that Apple could update the iPhone directly?

  • Reply 37 of 157
    dasanman69dasanman69 Posts: 13,002member
    chadbag wrote: »
    dasanman69 wrote: »
    Wrong. Google updates its Nexus devices the way Apple does.


    And how many Nexus devices are out there compared to other Android devices?   Apple does it with ALL their devices.   So yes, quite.

    Google sold Nexus themselves.  They did not go through carriers.

    It doesn't matter, Apple isn't the only one that does that. That people don't buy their devices is another issue.
  • Reply 38 of 157
    cfuglecfugle Posts: 34member
    So in 7 months after the Samsung Corp decides to flip to Tizen on all it's phones and leaves millions of Android users in the lurch (again) and cannot seem to learn that loyalty and repeat customer business is a model of success for Apple, they redirect their "loyal" android user-base to the Tizen enabled new phone page....
    BTW - has anyone actually tried to get support online at Samsung for a phone? I tried to search for help for "galaxy" under model type and 176 options came up before even describing my issue. I may need to request time off of work to solve my cell phone problem. Again. Humour aside, having formerly purchased 3 android pieces of crap all of which lasted about 20 minutes before wanting to pierce my heart with them, my iphone 4 that's been handed down is still working perfectly and getting patches regularly over the air. I wish Samsung understood the phenomenal business model Apple uses and how their return rate fuels their bottom line. If they decided to "copy" that process then maybe things would turn around for them finally.
  • Reply 39 of 157
    rwes wrote: »
    lkrupp wrote: »
     
    As has been pointed out it was Steve Jobs’ genius to negotiate total control away from the carriers. If this were an iOS issue we would get a patch in a timely manner without having to rely on our carriers.

    In other news you should see the dog and pony show going on over at c|net. The Android apologists are out in great force spinning this into a non issue that no one need worry about. 

    Meanwhile, in reality, anyone that's a target of any sort of identity theft, or that maybe in some privileged position at some company/business should (and probably may have already) disabled automatic loading of MMS messages (or have security software on their device to limit the damage).

    And even then, for the sake of profit alone, randsomeware for peoples phones; imagine that. The argument there of course will be, which is true, that you (they) should have had a backup (from which they may restore and probably still be vulnerable).

    Meanwhile IBM is thanking their lucky star they partnered with Apple to promote and provide services for iDevices only. Android is proving to be an endless pool of exploits similar to Windows... no matter how many patches are applied, more will be needed....
  • Reply 40 of 157
    boredumbboredumb Posts: 1,418member
    Quote:

    Originally Posted by digitalclips View Post

    But at least they are not in a crappy walled garden like is Apple folks image

    Apparently they are firmly committed to not "walling" anything...

    Well...there's Google Wallet, isn't there?  I wonder whether even that is "walled"?

Sign In or Register to comment.