'Stagefright' vulnerability compromises Android phones with 1 text message, may affect 950M devices

135678

Comments

  • Reply 41 of 157
    dasanman69dasanman69 Posts: 13,002member
    lkrupp wrote: »
    As has been pointed out it was Steve Jobs’ genius to negotiate total control away from the carriers. If this were an iOS issue we would get a patch in a timely manner without having to rely on our carriers.

    The real genius was to get ATT to completely fall in line, in return for which, Steve gave them the promised exclusivity (even in the face of considerable commentary that said Apple should move to other carriers quicker). Rumors then also had it that Verizon wanted carrier control, but Steve told them to take a hike.

    Once ATT was in the bag, the rest had no choice but to follow.

    It was Cingular, who had really no choice but to bow down, and the Verizon story is probably BS.
  • Reply 42 of 157
    dick applebaumdick applebaum Posts: 12,527member
    rwes wrote: »
    Mmm ...


    Maybe Google could send the fix to all Android users via MMS :D

    Actually, all jokes aside, depending on how much access the exploit allows, shouldn't that be possible? Because they could bypass the carriers that way.

    They would only need the phone number of all devices which have MMS enabled or Hangouts access. "Additional/Carrier charges may apply"

    Possible; not easy, or likely...


    I was half serious!

    I suspect that somewhere on Google's servers they have the phone number of most smart phones (including iPhones) that have been harvested when the user uses any Google service.

    Or, Google could set up a web site/MMS/Phone Number where users could access and apply the fix ...

    Then, the hackers/spammers would do intercepts on those -- and launch further destruction ...

    The world would implode if > 90% of phone users had no access to any outside info ... All they could do is stare at their own selfies ...


    The Bigger Question:  WWHCD?
  • Reply 43 of 157
    rwesrwes Posts: 200member
    Quote:

    Originally Posted by Macky the Macky View Post





    Meanwhile IBM is thanking their lucky star they partnered with Apple to promote and provide services for iDevices only. Android is proving to be an endless pool of exploits similar to Windows... no matter how many patches are applied, more will be needed....

     

    I understand the OEMS wanting to differentiate themselves and I can see why the do still do what they do. I understand the carriers wanting to differentiate themselves as well, but they've been relegated to dumb pipes (that they didn't want to be) at this point, so they really need to get out of the way.

     

    Not happening anytime soon I'm sure... It just boggles my mind that anyone at any of these carriers is thinking that they're doing their uses a favor in anyway, or even keeping their users on their network by messing with their devices.

     

    @Dick Applebaum  Love it - Too funny ^!

  • Reply 44 of 157
    pscooter63pscooter63 Posts: 1,067member
    Quote:

    Originally Posted by dasanman69 View Post



    It was Cingular, who had really no choice but to bow down, and the Verizon story is probably BS.

     

    Well, remember that Cingular announced their merger with AT&T at the same (now legendary) iPhone introduction event.

  • Reply 45 of 157
    Quote:

    Originally Posted by Prince Brian View Post



    Let's put this into perspective. The population of North America is about 565 million. That means if an attack were to kick off, EVERY Andriod handset in the Western Hemisphere would be compromised! Why isn't this national news???



    You're on a news site asking why it isn't news?

  • Reply 46 of 157
    kschererkscherer Posts: 79member
    So, this thing allows a hacker to text malicious code, right?

    So, why not just text the patch?

    Use the vulnerability to fix the vulnerability. Send a text to every registered Android phone number and BAM!
  • Reply 47 of 157
    cfugle wrote: »
    So in 7 months after the Samsung Corp decides to flip to Tizen on all it's phones and leaves millions of Android users in the lurch (again) and cannot seem to learn that loyalty and repeat customer business is a model of success for Apple, they redirect their "loyal" android user-base to the Tizen enabled new phone page....
    BTW - has anyone actually tried to get support online at Samsung for a phone? I tried to search for help for "galaxy" under model type and 176 options came up before even describing my issue. I may need to request time off of work to solve my cell phone problem. Again. Humour aside, having formerly purchased 3 android pieces of crap all of which lasted about 20 minutes before wanting to pierce my heart with them, my iphone 4 that's been handed down is still working perfectly and getting patches regularly over the air. I wish Samsung understood the phenomenal business model Apple uses and how their return rate fuels their bottom line. If they decided to "copy" that process then maybe things would turn around for them finally.

    Tizen is much worse then Android in more ways then I can count. Plus no one's writing third party crapware for Tizen. I really doubt Samsung will ever switch to that dog.

    Samsung, like the rest of the Android crap is dependent on Google who is not dependent on Android and will work on the code as long as they don't get bored with it.
  • Reply 48 of 157
    solipsismysolipsismy Posts: 5,099member
    kscherer wrote: »
    So, this thing allows a hacker to text malicious code, right?

    So, why not just text the patch?

    Use the vulnerability to fix the vulnerability. Send a text to every registered Android phone number and BAM!

    In theory that sounds plausible but can code really be sent out like that without any built-in contingency if the update goes awry in any of these thousands of HW builds running on hundreds of carriers each with their own SW installations? Hackers don't have to care about that but corporations do. Not just from potentially hurting their customer base, but from a major backlash in the form of a class action.
  • Reply 49 of 157
    solipsismysolipsismy Posts: 5,099member
    chazwatson wrote: »
    You're on a news site asking why it isn't news?

    He did write "national news" and the implication of regular news outlets was clear, not a tech news sites that primarily focuses on Apple.
  • Reply 50 of 157
    gatorguygatorguy Posts: 23,522member
    solipsismy wrote: »
    He did write "national news" and the implication of regular news outlets was clear, not a tech news sites that primarily focuses on Apple.
    It was reported on Fox News this morning, Also noted it on the local news this evening.
  • Reply 51 of 157
    fallenjtfallenjt Posts: 4,050member
    Quote:

    Originally Posted by sog35 View Post

     

    Paging Gatorguy

    Paging Gatorguy

    Paging Gatorguy

     

     

    No way would I ever buy an Android. 

    And no way on earth would I do mobile payments or any other money transaction on it.


    That's fair for an iPhone fan. Here is what comes from an Android fan I know: "no way I'm going to put my credit card info in my Note, I don't trust Android even though I like it very much".

  • Reply 52 of 157
    Quote:

    Originally Posted by kscherer View Post



    So, this thing allows a hacker to text malicious code, right?



    So, why not just text the patch?



    Use the vulnerability to fix the vulnerability. Send a text to every registered Android phone number and BAM!



    We all know patches don't always work correctly, which means you could potentially brick someone's phone while trying to save them.  That might not be considered an improvement to a user (one could argue that it takes away the risk of further infection, though!).

     

    Also, the issue is with a C++ process, which means the code would need to be either pre-compiled for every processor and target delivered, or compiled on the device and have all the correct dependancies in place.  None of that is straight forward or risk free.

     

    Also, I would image that it takes a lot longer to come up with a brand new deployment solution (compatible with every phone out there) through an exploit than go through a normal patch release process.

     

    The answer is it's not feasible.  However, I wouldn't be surprised if the (white/gray) hacker community came up with a way to block the exploit, much like they sometimes do when sealing up exploits behind them when jailbreaking devices.

  • Reply 53 of 157
    solipsismysolipsismy Posts: 5,099member
    dasanman69 wrote: »
    It was Cingular, who had really no choice but to bow down, and the Verizon story is probably BS.

    I don't think the Verizon story is BS. Why wouldn't Apple engage in talks with all the carriers? At the very least it could be used to leverage the one they wanted. Why would Verizon want to give Apple something that had never been done previously? Verizon was by far the largest and most powerful carrier so having a HW vendor dictate terms at all would likely be laughable unless they had some insightful executives (which is historically doubtful). I seem to recall that Apple dictated these terms without letting the carriers know anything about the device. Cingular wanted a leg up since they weren't on top and the Apple deal was a wildcard, and risk taking is less likely when you are in the number one position. I think it's all very plausible, but I wouldn't phrase it as Cingular having to bow down to Apple, remember this 2005, they simply came to a mutual agreement that each party hoped would be beneficial.
  • Reply 54 of 157
    dick applebaumdick applebaum Posts: 12,527member
    solipsismy wrote: »
    kscherer wrote: »
    So, this thing allows a hacker to text malicious code, right?

    So, why not just text the patch?

    Use the vulnerability to fix the vulnerability. Send a text to every registered Android phone number and BAM!

    In theory that sounds plausible but can code really be sent out like that without any built-in contingency if the update goes awry in any of these thousands of HW builds running on hundreds of carriers each with their own SW installations? Hackers don't have to care about that but corporations do. Not just from potentially hurting their customer base, but from a major backlash in the form of a class action.


    Reminds me of a quote from the Nixon era:  "When the going gets tough, The tough get going!"  Some wag added "... and then the going gets tougher;)

    I suspect that regardless of what Google does they will be subject to a class action.


    The irony is that for every Android Phone that gets hacked -- it is one less Android Phone that can receive Google Ads!

    And that's the raison d'être for Android.

    Wonder where AndyAndy is now :???:"
     
  • Reply 55 of 157
    gatorguygatorguy Posts: 23,522member
    kscherer wrote: »
    So, this thing allows a hacker to text malicious code, right?

    So, why not just text the patch?

    Use the vulnerability to fix the vulnerability. Send a text to every registered Android phone number and BAM!
    You could just turn off "auto-retrieve" in your messaging apps settings as a stop-gap.
  • Reply 56 of 157
    Quote:
    Originally Posted by SolipsismY View Post





    He did write "national news" and the implication of regular news outlets was clear, not a tech news sites that primarily focuses on Apple.



    Actually, if the question is 'why isn't this being presented on national news,' then the implication is that it's local news, which is lesser than national news.  The implication is not "regular news outlets," as you incorrectly suggest.  Being on the internet, Apple Insider is international, and therefor qualifies on an accessibility scale as being greater than national news.

     

    And "regular news outlets"?  I think the term you're grasping for is "mainstream news."

  • Reply 57 of 157
    dasanman69dasanman69 Posts: 13,002member
    solipsismy wrote: »
    dasanman69 wrote: »
    It was Cingular, who had really no choice but to bow down, and the Verizon story is probably BS.

    I don't think the Verizon story is BS. Why wouldn't Apple engage in talks with all the carriers? At the very least it could be used to leverage the one they wanted. Why would Verizon want to give Apple something that had never been done previously? Verizon was by far the largest and most powerful carrier so having a HW vendor dictate terms at all would likely be laughable unless they had some insightful executives (which is historically doubtful). I seem to recall that Apple dictated these terms without letting the carriers know anything about the device. Cingular wanted a leg up since they weren't on top and the Apple deal was a wildcard, and risk taking is less likely when you are in the number one position. I think it's all very plausible, but I wouldn't phrase it as Cingular having to bow down to Apple, remember this 2005, they simply came to a mutual agreement that each party hoped would be beneficial.

    I highly doubt Apple ever considered going CDMA at first. That would not have been conducive to a worldwide roll out. It was much smarter to make the phone compatible to many smaller carriers than one big one. Any talks between Apple and Verizon were feelers at most.
  • Reply 58 of 157
    solipsismysolipsismy Posts: 5,099member
    chazwatson wrote: »

    Actually, if the question is 'why isn't this being presented on national news,' then the implication is that it's "local news," which is lesser than "national news."  The implication is not "regular news outlets," as you incorrectly suggest.  Being on the internet, Apple Insider is international, and therefor qualifies on an accessibility scale as being greater than national news.

    And "regular news outlets"?  I think the term you're grasping for is "mainstream news."

    And it didn't occur you that he meant mainstream, regular or some other synonym that refers to a nationally distributed newspaper, cable or network TV news outlet? Seems like a bit of a leap to ignore all that and assume that his use of national meant niche news website.
  • Reply 59 of 157
    solipsismysolipsismy Posts: 5,099member
    dasanman69 wrote: »
    I highly doubt Apple ever considered going CDMA at first. That would not have been conducive to a worldwide roll out. It was much smarter to make the phone compatible to many smaller carriers than one big one. Any talks between Apple and Verizon were feelers at most.

    How did we get to talking about what HW they considered? We were talking about Apple's negotiations with carriers. Apple may not have wanted to do a CDMA iPhone but that doesn't mean they didn't engage in negotiations in order to strengthen their position with the carrier they did wish to make a deal. You should be able to grasp that tactic.
  • Reply 60 of 157
    Quote:
    Originally Posted by SolipsismY View Post





    And it didn't occur you that he meant mainstream, regular or some other synonym that refers to a nationally distributed newspaper, cable or network TV news outlet? Seems like a bit of a leap to ignore all that and assume that his use of national meant niche news website.



    But it is in mainstream news outlets, so why would anyone assume he was wondering why it wasn't?  There is no value left in the post.  All that remains is irony.

Sign In or Register to comment.