'Stagefright' vulnerability compromises Android phones with 1 text message, may affect 950M devices

Comments

  • Reply 121 of 157
    gatorguy Posts: 24,176 member
    sog35 wrote: »
    Google said 3 years from release date.  His time for updates will end in Oct 2015.

    He's on borrowed time and if we see another attack he won't have any defense using an out of date OS
    Wait... so is it the two years you claimed it was or three years that you've now changed it to? Or is it NOT a bright line in the first place where Google says you won't get another update? Where is this Google announcement that three year old devices will never get another update?
  • Reply 122 of 157
    gatorguy Posts: 24,176 member
    sog35 wrote: »
    You tell me.  Google is the one that keeps moving the goal post.

    Hell Google is constantly releasing products and then 6 months later dropping all support (Glass, NexusOne, GoogleTV, etc.)

    I don't follow Google. I don't care. All I know is 99% of their devices don't get updates.
    I already told you how I understood it. You're the one harping on claiming Google said no updates after 2 years, then changing the claim to three years. I'm just trying to find out where you got that from.

    If you're guessing or just made it up then say so. If that came from Google then post the link. Maybe you're right, but repeating it over and over if you're not isn't being helpful or honest.
  • Reply 123 of 157
    patpatpat Posts: 628 member
    Quote:

    Originally Posted by sog35

    5.1 is almost a year old dude.

    So you just made the 2 year cutoff. You are on your own from now on though.

    Hogwash. For tablets 5.1 was released in March 2015.

  • Reply 124 of 157
    patpatpat Posts: 628 member
    Quote:

    Originally Posted by sog35

    I don't follow Google. I don't care. All I know is 99% of their devices don't get updates.

    Jeez, where do you pull this stuff from? You don't follow Google yet you have so "much" knowledge about their support policies. And you "know" that 99% of their devices get updates?

  • Reply 125 of 157
    Quote:

    Originally Posted by Gatorguy

    If all new Apple features can't be installed on ALL iPhones with an OS update it doesn't mean that iOS didn't have new features. Same with Play Services, bypassing carriers and OEM's. Despite your inferences or claims to the contrary it can take care of many security issues/enhancements and feature updates for nearly every Google Android handset in use. Just not ALL security issues/enhancements and feature updates.

    ...Just "like I've been saying for years now".

    WTH do features available for certain phones have to do with security updates? Oh, yeah, absolutely NOTHING.

    And I've never claimed Google Play Services couldn't update security issues. I've claimed that it can't update low level patches (such as kernel exploits). On the other hand, you have stated MANY times that Google Play Services can update ALL issues. Are you so forgetful that you don't remember how many times I've had to correct you on this in the past? Or are you being intentionally obtuse again? I'm gonna go with the latter.

  • Reply 126 of 157
    gatorguy Posts: 24,176 member
    WTH do features available for certain phones have to do with security updates? Oh, yeah, absolutely NOTHING.

    And I've never claimed Google Play Services couldn't update security issues. I've claimed that it can't update low level patches (such as kernel exploits). On the other hand, you have stated MANY times that Google Play Services can update ALL issues. Are you so forgetful that you don't remember how many times I've had to correct you on this in the past? O
    Forgetful? Hardly. You're just making it up. I've NEVER claimed all security issues can be handled via Play Services. Pretty sure I challenged you the last time you said this to prove you weren't making it up by linking to a specific post, any post. Of course you couldn't then and you can't now. Not nice to be dishonest Eric. :no:
  • Reply 127 of 157
    gatorguy Posts: 24,176 member
    sog35 wrote: »
    Because only their Nexus devices get updates from Google.

    Nexus makes up about 1% of Android units.
    My Moto X is running the most recent Google Android version, 5.1.1, updated directly by Motorola and bypassing my carrier. I'd also guess that saying Nexus models make up 1% of active devices is way overstating it. They aren't intended to be big sellers, instead used to intro new Android hardware and OS builds for premiering features
  • Reply 128 of 157
    dasanman69 Posts: 13,002 member
    mnbob1 wrote: »

    Many complain about Apple's closed system but it is there to protect against this kind of attack as well as keeping your data from being compromised between apps and to malicious websites.

    The real genius was to get ATT to completely fall in line, in return for which, Steve gave them the promised exclusivity (even in the face of considerable commentary that said Apple should move to other carriers quicker). Rumors then also had it that Verizon wanted carrier control, but Steve told them to take a hike.

    Once ATT was in the bag, the rest had no choice but to follow.

    Remember that the iPhone was a completely different device at the time. Apple was confident of its success (or at least hopeful).

    AT&T was willing to take the risk in exchange for an exclusive 2 year deal. Jobs negotiated that AT&T could not add any carrier software to the iPhone which was unheard of at that time since it brought money for the carrier. Apple subsidized AT&T for each iPhone. The iPhone was more successful than Apple or AT&T could have ever imagined.

    The iPhone 3 was released and pushed AT&T to upgrade their network to handle the new 3G traffic from not only the iPhone but all of the new Android phones that came after and copied the iPhone 3G and 3GS.

    After the 2 year contract ended the iPhone was offered to other carriers but Verizon was slow to take it because they are the kings of bloat ware. Apple offered only the same deal that AT&T had. Verizon doesn't promote the iPhone as much as Samsung and other Android phones, you'll find them in the back of the store and the employees offer them only when a customer asks about one. Verizon makes more money selling even a cheap Android phone and could care less about the quality of the hardware durability. Some they can't sell because they only come in GSM. The Google Nexus is a good example. GSM is a global standard. Verizon's CDMA is pretty much stuck in the U.S. That leaves AT&T and T-Mobile.

    The exclusivity was for almost 4 years. I don't know where you're getting 2 years from.
  • Reply 129 of 157
    patpatpat Posts: 628 member
    Quote:

    Originally Posted by sog35

    Because only their Nexus devices get updates from Google.

    Nexus makes up about 1% of Android units.

    So you very quickly lost this argument "Nexus phones older than 2 years also won't be updated by Google." and moved the goalposts to include all Android devices in an attempt to CYA.  For a self proclaimed "I don't follow Google, I don't care", it is certainly obvious that most of what you post is incorrect, so why even bother?

  • Reply 130 of 157
    gatorguy wrote: »
    Forgetful? Hardly. You're just making it up. I've NEVER claimed all security issues can be handled via Play Services. Pretty sure I challenged you the last time you said this to prove you weren't making it up by linking to a specific post, any post. Of course you couldn't then and you can't now. Not nice to be dishonest Eric. :no:

    Oh the irony of the biggest liar on AI calling someone dishonest.

    Everyone knows your MO. You make a generic blanket statement which is actually incorrect. Then after being called out on it several times you "modify" your original post by expanding on it. This way you can "pretend" you aren't actually lying the first time around.

    Of course I can't find a post where you said "all security issues can be handled by Google Play Services" because that's not how you worded it. You stated "every device running 2.3 or higher gets security updates through Google Play Services". That's a blanket statement that implies if you have 2.3 that you get security updates. Not some of them, not only higher level ones, not only fixes for Google Apps, but all fixes.


    Bottom line:

    1: Android is a complete screw up when it comes to getting security updates
    2: Google is a complete screw up for not forcing OEMs to update devices for a certain period of time after you buy a device AND a minimum time that patches have to be made available to those devices so customers don't have to wait months for updates.

    Because of Google's complacency in this there are hundreds of millions of Android users who are vulnerable to this and other exploits.
  • Reply 131 of 157
    gatorguy Posts: 24,176 member
    Oh the irony of the biggest liar on AI calling someone dishonest.

    Everyone knows your MO. You make a generic blanket statement which is actually incorrect. Then after being called out on it several times you "modify" your original post by expanding on it. This way you can "pretend" you aren't actually lying the first time around.

    Of course I can't find a post where you said "all security issues can be handled by Google Play Services" because that's not how you worded it. You stated "every device running 2.3 or higher gets security updates through Google Play Services".
    Shoot the messenger time again I see.

    I can't even find that specific quote Eric. I don't think I ever used those words. The closest I saw is this:
    "Every Google Android device with 2.3 and above (that's pretty much all of them) have received security updates even if the OS itself is still an older version. Security and feature updates can come directly from Google via Play Services and have." I didn't see the wording you supposedly quoted right off so please link it.

    In no way does the one I found, and probably the one you've reworded for your own purposes and "quoted", indicate that I'm saying all security updates come via GPS. I don't mind arguing legitimate points with you. Imaginary or dishonest ones not so much.

    ...but you do have one valid point in there that I can agree with. I too think Google should at least attempt to enforce a requirement that OEM's offer OS updates for some defined period of time. Even 18 months after the device release might suffice, but the longer the better.
  • Reply 132 of 157
    lkrupp Posts: 10,557 member

    http://motherboard.vice.com/read/goodbye-android

    Found this link on Jason Snell’s Six Colors blog. What a condemning read regarding the security hellhole that is Android. And the guy is a certified Apple Hater. Read it and weep for those running Android.

    One of the many money shots...

    "As security researcher Nicholas Weaver put it in a (now deleted) tweet, “Imagine if Windows patches had to pass through Dell and your ISP before they came to you? And neither cared? That is called Android.”"

    Also interesting are the responses to the article. fAndroids defending this debacle to the point of irrationality.

  • Reply 133 of 157
    dasanman69 Posts: 13,002 member
    gatorguy wrote: »
    Forgetful? Hardly. You're just making it up. I've NEVER claimed all security issues can be handled via Play Services. Pretty sure I challenged you the last time you said this to prove you weren't making it up by linking to a specific post, any post. Of course you couldn't then and you can't now. Not nice to be dishonest Eric. :no:

    Oh the irony of the biggest liar on AI calling someone dishonest.

    Everyone knows your MO. You make a generic blanket statement which is actually incorrect. Then after being called out on it several times you "modify" your original post by expanding on it. This way you can "pretend" you aren't actually lying the first time around.

    Of course I can't find a post where you said "all security issues can be handled by Google Play Services" because that's not how you worded it. You stated "every device running 2.3 or higher gets security updates through Google Play Services". That's a blanket statement that implies if you have 2.3 that you get security updates. Not some of them, not only higher level ones, not only fixes for Google Apps, but all fixes.


    Bottom line:

    1: Android is a complete screw up when it comes to getting security updates
    2: Google is a complete screw up for not forcing OEMs to update devices for a certain period of time after you buy a device AND a minimum time that patches have to be made available to those devices so customers don't have to wait months for updates.

    Because of Google's complacency in this there are hundreds of millions of Android users who are vulnerable to this and other exploits.

    Exactly how can Google force the OEMs to do what you suggest?
  • Reply 134 of 157
    dasanman69 Posts: 13,002 member
    lkrupp wrote: »
    http://motherboard.vice.com/read/goodbye-android

    Found this link on Jason Snell’s Six Colors blog. What a condemning read regarding the security hellhole that is Android. And the guy is a certified Apple Hater. Read it and weep for those running Android.

    One of the many money shots...

    "As security researcher Nicholas Weaver put it in a (now deleted) tweet, “Imagine if Windows patches had to pass through Dell and your ISP before they came to you? And neither cared? That is called Android.”"

    Also interesting are the responses to the article. fAndroids defending this debacle to the point of irrationality.

    Has any single one of these vulnerabilities been used in a widespread attack? Any instances of millions of people being infected?
  • Reply 135 of 157
    dasanman69 Posts: 13,002 member
    daven wrote: »
    OEMs are required to have Google as the default search engine and retain other Google services.

    Only the ones that are part of the OHA are given that requirement. They weren't forced to use Android to begin with, so how could they be forced to use an update?
  • Reply 136 of 157
    dasanman69 wrote: »
    Exactly how can Google force the OEMs to do what you suggest?

    How can Google stop Acer from releasing an Aliyun phone (forked version of Android)?
  • Reply 137 of 157
    dasanman69 Posts: 13,002 member
    dasanman69 wrote: »
    Exactly how can Google force the OEMs to do what you suggest?

    How can Google stop Acer from releasing an Aliyun phone (forked version of Android)?

    Because Acer is part of the OHA, and that violates the agreement. Google hasn't stopped Amazon, nor any of the Chinese manufacturers from forking Android for their phones.
  • Reply 138 of 157
    dasanman69 wrote: »
    Because Acer is part of the OHA, and that violates the agreement. Google hasn't stopped Amazon, nor any of the Chinese manufacturers from forking Android for their phones.

    The OHA is where the rules regarding patches/security fixes should be. How is this hard for anyone to understand? If Google can impose a set of restrictions via the OHA they can also impose rules regarding updates.

    Google likes to put their foot down when it suits them (Acer) and looks the other way when it doesn't (taking responsibility for the security mess named Android).

    Just like Google left all the OEMs high and dry regarding the stolen IP from Microsoft in Android instead of dealing with the issue themselves.
  • Reply 139 of 157
    lkrupp Posts: 10,557 member
    Quote:

    Originally Posted by dasanman69

    Has any single one of these vulnerabilities been used in a widespread attack? Any instances of millions of people being infected?

    Not relevant to the point of the blog. The patching/updating process for Android is woefully inadequate and leaves the majority of users vulnerable to any discovered exploit with little or no hope of a timely fix. Even the original report states that right now it is being used against high value targets by hackers. It’s the process here that’s under fire, not the exploit or the victim count.

  • Reply 140 of 157
    dasanman69 Posts: 13,002 member
    lkrupp wrote: »
    dasanman69 wrote: »
    Has any single one of these vulnerabilities been used in a widespread attack? Any instances of millions of people being infected?


    Not relevant to the point of the blog. The patching/updating process for Android is woefully inadequate and leaves the majority of users vulnerable to any discovered exploit with little or no hope of a timely fix. Even the original report states that right now it is being used against high value targets by hackers. It’s the process here that’s under fire, not the exploit or the victim count.

    What's a 'high value target'? That phrase is definitely part of the FUDish language. The 'fix' for any vulnerability is always there. It's up to the OEMs to then apply to their devices which has to include the carriers because they have no way of delivering it. The OEMs should take a look at how Motorola updates their phones, and follow their lead. It starts with keeping Android very close to stock