Security flaw opens all modern Android devices to "zombie botnet" takeover [u]

145791014

Comments

  • Reply 121 of 275
    macfandavemacfandave Posts: 603member

    Quote:

    Originally Posted by poksi View Post


     


    both made from same plastic material.



    No, silicone and silicon are two separate materials.  It's not just an American/British spelling variation like aluminum/aluminium. :D

  • Reply 122 of 275
    jragostajragosta Posts: 10,473member
    technarchy wrote: »
    I think some here are over reacting and overstating Android's security vulnerabilities.

    These things always get fixed with the latest software updates, so there's nothing to be concerned about at all.

    Just wait for the Jelly Bean update and all will be fine...any day now... 

    Another Android shill who's in denial. The overwhelming majority of Android devices NEVER get an upgrade. This is a very real problem and the failure of Android hardware vendors to upgrade existing systems means that there isn't likely to be a solution - until years down the road when existing handsets are in the trash. Of course, there will be new security flaws before then.
    poksi wrote: »
    both made from same plastic material.

    Not even close. While silicone contains silicon, they're entirely different materials. Silicon isn't 'made from' anything.
    Well just read some of the comments on the App Store - iOS users frequently seems to rip into about any app that isn't free no matter what it is. And then they buy 2400 virtual doughnuts in the Simpsons' Game for £70!!!  :mad:

    Mind you, I can't understand it either, I'm just saying that it happens. It's even curiouser when you think that they actually have to hand over their money to get the device in the first place.

    And, yet, iOS accounts for the lion's share of app revenue.
  • Reply 123 of 275
    runbuhrunbuh Posts: 315member

    Quote:

    Originally Posted by patrickwalker View Post


    I can easily think of ways to get malware on via man-in-the-middle attacks.  Not that hard to do now with all these wifi hotspots around that have very weak security (if any most of the time).





    Please elaborate (this is not sarcasm)!

  • Reply 124 of 275
    lkrupplkrupp Posts: 6,946member

    Quote:

    Originally Posted by rouge View Post



    Go figure apple has a minor pass code bypass hack that requires access to the device and the press flips out... But android has a gainer ability that allows people to literally steal your device right out from under your nose and people see not to care... Wtf


     


    Quote:

    Originally Posted by drblank View Post


    I wonder what's going to happen with regards to returns once this news gets widely distributed around the world in local newspapers and TV?



     


    Simply not going to happen. Only Apple is worthy of this kind of negative information being published. This story won't even get a mention on most tech blogs. If it makes it to C|net I will be surprised. Even here on AI this has already been dealt with by the Android PR team that lurks in the shadows, waiting to spring into action when stuff like this pops up.

  • Reply 125 of 275
    macrulezmacrulez Posts: 2,455member


    So this is the most devastating malware crisis the world has ever seen, eh?


     


    Kindly tell us, Mr. McLean:  what is the number of users who have actually been affected by this exploit?

  • Reply 126 of 275
    Disgusting
    Ml
  • Reply 127 of 275
    macharry demacharry de Posts: 126member


    Samsung's warehouse is the coolest pic ever!


    * LOL *


     


    image

  • Reply 128 of 275
    poksipoksi Posts: 481member

    Quote:

    Originally Posted by macFanDave View Post


    No, silicone and silicon are two separate materials.  It's not just an American/British spelling variation like aluminum/aluminium. :D



     


    in Europe we like to say for a siliconized sponsored woman, that she is "made from plastic" or just being "plastic-fantastic". It is  figure of speech, although I'm not sure Heidi doesn't have few kilos of actual plastic beneath the hood....

  • Reply 129 of 275
    walkopwalkop Posts: 12member
    d4njvrzf wrote: »
    Are the apps modular in android 2.3 and older? If not, does google have the ability to make them so? Could it push out Google Play versions of system software that replace the older versions tied to the OS?
    As far as I am aware, yes, they are. Some applications only support 4.0 ICS and up - for instance, Gmail (although that may only apply to the new UI features, I'm not sure). Google I/O this year made a BIG thing about this; they can actually update the entire application framework without updating the OS itself, which is massive for app developers. That basically means that people on Gingerbread can get access to the same APIs as seen on Jelly Bean. I'm not sure if this applies to all APIs or just those that plugin to Google Play.

    Edit: Yes, but it only applies to any application that uses Google's services. They won't get the features that applications get in Jelly Bean, but they can get any updates to Google's content like Maps, Drive, etc. without touching anything. To answer your question, its for 2.2 Froyo and up. See here.
    mactel wrote: »
    This news isn't going to slow the adoption of Android.  A malware plagued environment that was Windows XP below did not stop people from buying Windows over and over again.  They simply got used to the fact their systems were insecure.  The anti-malware companies will be on Android to reap the profits then they'll post a version for iOS to make it seem like iOS has the same problems when it doesn't.
    Thats very true, it isn't going to slow the progress of Android;

    Because it is inconsequential. No matter what all the proponents of Android say (myself included), not many people use third-party app stores unless they have no other choice. And Google Play has generally been quite safe against malware, unless you download really strange applications (i.e. there was a Bloons Tower Defense 5 clone on the store a while back, but it wasn't even published by NinjaKiwi - it was some really weird foreign developer and the few reviews that were there were terrible).

    Do not say that Google Play does not have a far reach. That's like saying iTunes covers no area. See here for what I'm talking about.

    Full disclosure: I sideload apps. Why? When I find a deal on another fairly reputable store, or an application is seemingly incompatible with my device through Google Play. But I only do this once every couple months, generally.

    @Dunks, see above. And I would definitely agree with you, by its very nature iOS is immune to attacks like this (GENERALLY). No application can gain any system-level permissions and it freezes most applications in the background. However, it IS possible, although less likely than on Android, for it to receive a malware attack. See here. And yes, I did notice the malware-free status of iOS for 5 years. Impressive! I also noticed the fact that Google responded just as quickly as Apple did to this one particular threat.
    aaronj wrote: »
    No, it will garner about 1% the press.
    If you're a website, you want clicks (clicks = ad views, obviously).  No one really cares to click on an Android story in the mainstream.  Apple gets clicks like cray-cray.  So, this won't get coverage. This is simple logic.

    PS: That being said, of course this will be reported on sites like this, and Ars, and Slashdot, etc.  But what?  About 0.00001% of the population reads those sites?
    Actually, look at Engadget. Please, don't act like that. Just try to be balanced with your views.
    It's called an App Store ecosystem that has paid independent software vendors $10 billion and counting. Not that Android users would know about or appreciate sustainable app economies.
    Actually, Google Play is growing massively profit-wise, not just with downloads. See here and here. Most importantly, here. From Q2 2012 to Q3 2013, Play revenue rose by ~90%. iTunes? ~25%. Also, @ThePixelDot, you'll like the first link there.

    jragosta wrote: »
    Another Android shill who's in denial. The overwhelming majority of Android devices NEVER get an upgrade. This is a very real problem and the failure of Android hardware vendors to upgrade existing systems means that there isn't likely to be a solution - until years down the road when existing handsets are in the trash. Of course, there will be new security flaws before then.
    That doesn't really matter, because this has already been patched all the way back to...well, every device, that uses Google Play. If you want references that it IS a large platform and is available in basically any country you need, see my above comments. And, yes, iOS accounts for the lion's share of app revenue, but review the facts please. :) Yes it has the lions share. See above for references. Google nearly doubled its revenue in one quarter! That is definitely impressive.
    macrulez wrote: »
    So this is the most devastating malware crisis the world has ever seen, eh?

    Kindly tell us, Mr. McLean:  what is the number of users who have actually been affected by this exploit?
    That, my friend, is the key point. Basically no-one, since Google has silently patched all applications and blocked further uploads through the Play Store. Yes, this definitely affects side-loaders, but if you're careful when you do that then this doesn't really matter either. Not many people sideload unless they have to, as I stated earlier in my post.
  • Reply 130 of 275

    Quote:

    Originally Posted by GTR View Post


    Unlikely to affect the majority of Android "users"... 


     



     


    image



    Google already have top men working on a fix. Top... Men.

  • Reply 131 of 275
    matrix07matrix07 Posts: 1,993member
    All I can say is I never see so many people putting their heads in the sand at the same time like this. Do you think Android secure? Do you think wasting your time reading long and tedious permissions will help you? Sorry, just looks at my signature. Android will never be secure. Who knows how many exploits people yet to find out? Who knows even Google tools in Google Play are as secure as they say.
    This will not stop. It will only get worse.
  • Reply 132 of 275
    denobindenobin Posts: 46member
    os2baba wrote: »
    Because when you do have to use it, it's enormously useful!  Before Swype was added to the PlayStore, that's how I installed it.  That's how I installed SwiftKey betas.  That's how I install a bunch of really really useful root apps from XDA.  That's how I installed the Amazon App Store App when I was using it.  That's how I install Ad blocking apps when Google decided to get a little evil and removed them from the Play Store.  And even then I'm very careful to disable side loading of apps as soon as I'm done installing the app.

    The reason this doesn't get too much play (even though in concept it's very dangerous) is because it'd be extremely unlikely for someone to install an app from *any* store and then side load an updated app.  Why wouldn't they simply update the app from the store?  There are far more likely scenarios for them to get malware by sideloading apps in the first place if they got it from unreputable sources - basically pirating the apps.  And if they did that, well, serves them right.  I really can't understand how anyone can pirate apps that cost about a cup of coffee or a lunch at most.
    And yet, many do. It doesn't take away that this is a seriously bad exploit that has very little chance of getting widely patched.
  • Reply 133 of 275
    technarchy wrote: »
    I think some here are over reacting and overstating Android's security vulnerabilities.

    These things always get fixed with the latest software updates, so there's nothing to be concerned about at all.

    Just wait for the Jelly Bean update and all will be fine...any day now... 

    A flaw this big in iOS would be endlessly and mercilessly be flogged in the tech press and lampooned on late night TV talk shows. And your lot would not defend iOS. So, quid pro quo, baby.
  • Reply 134 of 275
    walkopwalkop Posts: 12member
    matrix07 wrote: »
    All I can say is I never see so many people putting their heads in the sand at the same time like this. Do you think Android secure? Do you think wasting your time reading long and tedious permissions will help you? Sorry, just looks at my signature. Android will never be secure. Who knows how many exploits people yet to find out? Who knows even Google tools in Google Play are as secure as they say.
    This will not stop. It will only get worse.
    Yes, I do, because the majority of issues don't even really matter. I find that Motorola article quite interesting - I plan on sharing it with some popular tech sites. But that is not representative of Android, because that is a single company. Any company can do whatever they want with Android, Google has no hold on them. Motorola is not an exception. Don't say it is, because it is owned by Google - for one, the Droid X2 is over two years old, well before the Google acquisition of Motorola. Second, Motorola has been run independently of Google, although they obviously have an influence on them. Finally, has this issue been discovered on newer phones, post-acquisition? Has it been discovered on any other devices by any other companies?

    Until we know those facts, you cannot make blanket statements saying Android at it's core is insecure. The Play store is secure, there are no core-level compromises of its security features (bypassing permission limitations, Google's remote "kill" commands, or their ability to remove/edit apps remotely). Google apps, insecure? Seriously? Google hasn't been hacked. Ever. Save for one instance that I am aware of (correct me if I'm wrong, though!): here. 2 email accounts were compromised, but only subject line information and basic account information (i.e. creation date) were accessed.
  • Reply 135 of 275
    macrulezmacrulez Posts: 2,455member

    Quote:

    Originally Posted by Walkop View Post



    That, my friend, is the key point. Basically no-one, since Google has silently patched all applications and blocked further uploads through the Play Store. Yes, this definitely affects side-loaders, but if you're careful when you do that then this doesn't really matter either. Not many people sideload unless they have to, as I stated earlier in my post.


    Sounds a lot like OS X, where for now users are still free to sideload from outside of Apple's store. 


     


    But even then, OS X doesn't provide the access requirements for apps that Android does, so from the arguments presented here it would seem that OS X is less secure.

  • Reply 136 of 275

    Quote:

    Originally Posted by Macky the Macky View Post


    To all the Walled Garden Apple-hating idiots; welcome to the wide-assed open Android OS where free malware abounds. 


     


    I've been waiting for this day, for it was sure to come. Now, 900 million Android customers are re-thinking their earlier choice. I'd not be surprised if Apple sales sees a surge that would put the Sandy hurricane to shame... The new iPhones can't get here soon enough...!!!



     


    Don't hold your breath.   


     


    From arstechnica:


    ""I imagine that Google would move quickly to add some logic to look for such attacks," Dan Wallach, a professor specializing in Android security in the computer science department of Rice University, told Ars. "Without that available to an attacker, this is likely to only be relevant for Android users who use third-party app stores (which have lots of other problems). This bug could also be valuable for users trying to 'root' their phones."


     


    The question you should be pondering is why you even care so much about how well or poorly Android does?   As former iPhone owner, current iPad owner, and soon-to-be Macbook owner, I surf the Apple sites to get information on gear I'm interested in.  But what I'm noticing is that there is a surprising number of people on this site who are obsessed with hating Android.  Why?


     


    I buy whatever suits my needs.  I have use and own multiple operating systems: Windows, Linux, Android, iOS...and later today, OS X.  They all have their pros and cons.  I bought my Mom an iPad because I wanted something simple for her, where I didn't have to worry about what she downloads and installs.  I switched to Android because I wanted features that iOS and Apple can't or won't provide.   No big deal.  I still enjoy my iPad but now I have the additional capability I wanted via my Android phone.  I'll continue to use Windows and Linux even while adding an OS X device to my collection.  What I won't be doing is hoping for a vulnerability to be discovered in any of them.

  • Reply 137 of 275
    aaronjaaronj Posts: 1,595member

    Quote:

    Originally Posted by poksi View Post


     


    in Europe we like to say for a siliconized sponsored woman, that she is "made from plastic" or just being "plastic-fantastic". It is  figure of speech, although I'm not sure Heidi doesn't have few kilos of actual plastic beneath the hood....



     


    Actually, no one (well, I shouldn't say no one -- maybe in really poor places, or something) has used silicone implants in a long time.  They are saline.  In Heidi's case, they are GIGANTIC saline implants, but still saline.


     


    Just clarifying. :)

  • Reply 138 of 275
    aaronjaaronj Posts: 1,595member

    Quote:

    Originally Posted by Walkop View Post







    Actually, look at Engadget. Please, don't act like that. Just try to be balanced with your views.


     


    Oh, yes, because just EVERYONE reads Endgadget.  Honestly, next time you go and get a coffee, ask your barista if she saw the story on Endgadget about xyz.


     


    You can tell me about the blank stare later.


     


    Hell, hardly anyone even follows REAL news!  I would bet that less than 20% (maybe less than 5%, actually) of the US population can tell you what the present situation in Egypt is.  We've had candidates for PRESIDENTIAL level office who didn't know who fought in WWII.  A MAJORITY of Americans think we fought AGAINST the Soviets in WWII.


     


    Depending on how you look at it (which people you are questioning, in other words), something between 30% and 50% of Americans believe the Earth is less than 10,000 years old.


     


    And you're telling me that they are reading Endgadget or Ars or here?  Please.

  • Reply 139 of 275
    droidftwdroidftw Posts: 1,009member


    This story is the 3rd most popular read article and the second most shared on BBC News right now.


     


    http://www.bbc.co.uk/news/technology-23179522


     


     


    Quote:


    The danger from the loophole remains theoretical because, as yet, there is no evidence that it is being exploited by cyber-thieves.


     


    One other hurdle is that in order to catch out Android users, malicious hackers would have to get their booby-trapped version of a legitimate application on to the Google Play store, said security expert Dan Wallach in an interview with Ars Technica.




     


    EDIT:  It's now the most popular and most shared.

  • Reply 140 of 275
    povilaspovilas Posts: 473member


    It's a race to the bottom already and no one will bother patching this.

Sign In or Register to comment.