If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Bluebox)   Own an Android purchased in the last four years, running 1.6 or higher? If so, you and nearly 900 million others could have a slight problem   (bluebox.com) divider line 87
    More: Fail, Android, security bug  
•       •       •

11280 clicks; posted to Geek » on 04 Jul 2013 at 8:49 AM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



87 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

Archived thread

First | « | 1 | 2 | » | Last | Show all
 
2013-07-04 02:13:25 AM  
The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls).

Meh. The NSA beat them to it.
 
2013-07-04 03:19:01 AM  
You need direct (and in some cases, root) access to the phone's filesystem to do this. So, a less than serious issue, as long as you don't spend your free time sideloading shiat apps from unknown publishers.
 
2013-07-04 08:52:42 AM  

kingoomieiii: You need direct (and in some cases, root) access to the phone's filesystem to do this. So, a less than serious issue, as long as you don't spend your free time sideloading shiat apps from unknown publishers.


The problem is that Android power users answers to every farking thing is to root the farker
 
2013-07-04 08:55:42 AM  
Not so smart phone now, are you?
 
2013-07-04 08:58:11 AM  
So ditch your Android & spend $700 on an iPhone?
Nice try, Apple!
 
2013-07-04 09:02:11 AM  

oldfarthenry: So ditch your Android & spend $700 on an iPhone?
Nice try, Apple!

$700 is the price you'll pay for a Android phone that can run the OS without shiating on itself
/Not a iPhone user
 
2013-07-04 09:05:03 AM  

drjekel_mrhyde: The problem is that Android power users answers to every farking thing is to root the farker


And they forget to mention the old axiom:  With great power comes great responsibility.

I've no problem with rooting/jailbreaking but you have to be aware of exactly what you are doing and why rooting a device is a good idea for you.
 
2013-07-04 09:05:54 AM  

kingoomieiii: You need direct (and in some cases, root) access to the phone's filesystem to do this. So, a less than serious issue, as long as you don't spend your free time sideloading shiat apps from unknown publishers.


It sounds like you are saying this vulnerability can affect only rooted phones -- from my understanding of TFA this is not the case. If you download and install an app that has been modified as described in the article, then you are hosed. The modified app may get root access and do any number of nasty things.

Your comment about not sideloading apps from unknown publishers stands -- don't put that shiat on your phone and you are probably safe.
 
2013-07-04 09:06:09 AM  
What happened to you, Android? I thought you were cool.
 
2013-07-04 09:09:43 AM  

WhippingBoy: What happened to you, Android? I thought you were cool.


It's programmed in multiple techniques, a broad variety of pleasuring (see "root").
 
2013-07-04 09:13:38 AM  
Is it time to hate google yet?
 
2013-07-04 09:14:21 AM  
I'd like to think this will be patched quickly, but if you have to wait on your carrier, it could be months.
 
2013-07-04 09:17:32 AM  

drjekel_mrhyde: oldfarthenry: So ditch your Android & spend $700 on an iPhone?
Nice try, Apple!
$700 is the price you'll pay for a Android phone that can run the OS without shiating on itself
/Not a iPhone user


Really? I got one for a LOT LESS than that. You must have gone to a kiosk in a high-end mall to get ass-raped for that much.
 
2013-07-04 09:17:55 AM  
oh FFS. The sky is falling the sky is falling!
 
2013-07-04 09:19:14 AM  

drjekel_mrhyde: oldfarthenry: So ditch your Android & spend $700 on an iPhone?
Nice try, Apple!
$700 is the price you'll pay for a Android phone that can run the OS without shiating on itself
/Not a iPhone user


That hasn't been the case for a long time.  Paid $150 for my HTC One V, runs 4.0 well.  Good UI experience.
 
2013-07-04 09:24:42 AM  
This has nothing to do with rooting and it is not a good thing.

What it means is that a lot of the checks and balances put in to protect you from malicious software can be bypassed.

The solution is to make sure you only install apps from trusted sources ... which has been common sense for any computer for decades.

/for 99% of users this will never be an issue as they don't sideload and the these apps are unlikely to make it into the Play store.
 
2013-07-04 09:41:09 AM  
1.bp.blogspot.com
One of these can't be trusted.
 
2013-07-04 09:41:49 AM  

oldfarthenry: You must have gone to a kiosk in a high-end mall to get ass-raped for that much.


Newsflash, most top-end phones cost about the same, with or without subsidy. Pretending otherwise is stupid.
 
2013-07-04 09:42:24 AM  
The chances of a malware pusher also finding this exploit and then managing to get even a tiny percentage of Android users to install it are vanishingly small.  If it's not self-replicating and self-distributing...BFD.  Also, once Google understands the exploit, it should be easy to detect Play store apps that have been loaded with it.
 
2013-07-04 09:44:34 AM  

jehovahs witness protection: [1.bp.blogspot.com image 293x224]
One of these can't be trusted.


It`s the one on the right, he looks happier.
 
2013-07-04 09:48:39 AM  

LasersHurt: oldfarthenry: You must have gone to a kiosk in a high-end mall to get ass-raped for that much.

Newsflash, most top-end phones cost about the same, with or without subsidy. Pretending otherwise is stupid.


Newzierflash - you're an idiot for buying the latest factory/slave-fresh technology .
 
2013-07-04 09:49:25 AM  

LasersHurt: oldfarthenry: You must have gone to a kiosk in a high-end mall to get ass-raped for that much.

Newsflash, most top-end phones cost about the same, with or without subsidy. Pretending otherwise is stupid.


But you can get a phone with 80% of the capability for under half the price if you shop about. Pretending otherwise is dishonest.
 
2013-07-04 09:49:52 AM  

bingo the psych-o: drjekel_mrhyde: oldfarthenry: So ditch your Android & spend $700 on an iPhone?
Nice try, Apple!
$700 is the price you'll pay for a Android phone that can run the OS without shiating on itself
/Not a iPhone user

That hasn't been the case for a long time.  Paid $150 for my HTC One V, runs 4.0 well.  Good UI experience.


I was assuming he/she meant off contract
 
2013-07-04 09:49:57 AM  

drjekel_mrhyde: oldfarthenry: So ditch your Android & spend $700 on an iPhone?
Nice try, Apple!
$700 is the price you'll pay for a Android phone that can run the OS without shiating on itself
/Not a iPhone user


Google's reference device can be had unlocked and unsubsidized for $299.  I got my GS3 for $150 a few months ago (subsidized, but I don't get a discount for BYOD).
 
2013-07-04 09:50:01 AM  

oldfarthenry: LasersHurt: oldfarthenry: You must have gone to a kiosk in a high-end mall to get ass-raped for that much.

Newsflash, most top-end phones cost about the same, with or without subsidy. Pretending otherwise is stupid.

Newzierflash - you're an idiot for buying the latest factory/slave-fresh technology .


also this.
 
2013-07-04 09:52:11 AM  

dready zim: LasersHurt: oldfarthenry: You must have gone to a kiosk in a high-end mall to get ass-raped for that much.

Newsflash, most top-end phones cost about the same, with or without subsidy. Pretending otherwise is stupid.

But you can get a phone with 80% of the capability for under half the price if you shop about. Pretending otherwise is dishonest.


I didn't say or imply otherwise. I corrected Henry for being wrong.
 
2013-07-04 10:02:47 AM  

drjekel_mrhyde: oldfarthenry: So ditch your Android & spend $700 on an iPhone?
Nice try, Apple!
$700 is the price you'll pay for a Android phone that can run the OS without shiating on itself
/Not a iPhone user


I own a Nexus 4, good phone. T-mobile meanwhile leaves a lot to be desired, but so do all the carriers in the US.
 
2013-07-04 10:06:18 AM  

bbfreak: I own a Nexus 4, good phone. T-mobile meanwhile leaves a lot to be desired, but so do all the carriers in the US.


I would have bought that in a heart beat if it had LTE. I had the Nexus One and was really happy with the raw Google experience.

I am looking for my next phone over the next 6 months ... not sure what I am going to end up with.
 
2013-07-04 10:28:43 AM  

Farking Canuck: bbfreak: I own a Nexus 4, good phone. T-mobile meanwhile leaves a lot to be desired, but so do all the carriers in the US.

I would have bought that in a heart beat if it had LTE. I had the Nexus One and was really happy with the raw Google experience.

I am looking for my next phone over the next 6 months ... not sure what I am going to end up with.


Having LTE wasn't as important to me as having an unlocked pure android experience on my phone and I have no regrets. Again, T-Mobile could be better, but so could most any US carrier. As for the Nexus 4 not having LTE, the real reasoning behind that is because again US carriers suck and Google doesn't want to compromise their Nexus devices. Especially after the LTE version of the Galaxy Nexus was held back by Verizon so they could promote their Droid RAZR phone instead.
 
2013-07-04 10:50:49 AM  

bbfreak: Farking Canuck: bbfreak: I own a Nexus 4, good phone. T-mobile meanwhile leaves a lot to be desired, but so do all the carriers in the US.

I would have bought that in a heart beat if it had LTE. I had the Nexus One and was really happy with the raw Google experience.

I am looking for my next phone over the next 6 months ... not sure what I am going to end up with.

Having LTE wasn't as important to me as having an unlocked pure android experience on my phone and I have no regrets. Again, T-Mobile could be better, but so could most any US carrier. As for the Nexus 4 not having LTE, the real reasoning behind that is because again US carriers suck and Google doesn't want to compromise their Nexus devices. Especially after the LTE version of the Galaxy Nexus was held back by Verizon so they could promote their Droid RAZR phone instead.


I work for ATT, have a Tmobile phone, my down speeds are 16 down and up 4, which in reality are great for tethering, but a phone for video, music, etc, is perfectly fine on 3g.  My other line is a 3g android Moto Defy, and when I use it to tether I can netflix fine without any buffering problems, and on the odd occasion I can run a super fast torrent.

LTE is bragging rights and that is it, because you show a fast speed test on the phone.  I still rock a Galaxy S2, which was lte before apple even thought about it.

You can also get the Samsung S4 and HTC One with pure android from Google Play if you want to buy the phones outright.

Google does not decide what the carriers will do.
 
2013-07-04 10:54:57 AM  
Is the problem that you have a phone running a practically obsolete operating system?

//used to have an Android 2.0
//now on Android 4.0
 
2013-07-04 11:03:56 AM  

Abe Vigoda's Ghost: I'd like to think this will be patched quickly, but if you have to wait on your carrier, it could be months.




Or never.
 
2013-07-04 11:08:19 AM  

Arkanaut: Is the problem that you have a phone running a practically obsolete operating system?

//used to have an Android 2.0
//now on Android 4.0


No, even the latest Android OS is affected by this
 
2013-07-04 11:09:01 AM  

theflatline: LTE is bragging rights and that is it


I live and work in the GTA (Greater Toronto Area) so my LTE coverage is solid everywhere I go. My current phone is LTE and I love it.

Other speeds may "work fine" but it is difficult to go back once you get used to it. I tried forcing slower data speeds to save battery (LTE is a bit of a power hog) and found that I ended up turning it back on so often that it wasn't worth the effort of trying to save power.

I'm not saying that you can't live without it ... but I'm sure as hell not going to buy a new phone in 2013 that doesn't have it.
 
2013-07-04 11:10:46 AM  

the_sidewinder: Arkanaut: Is the problem that you have a phone running a practically obsolete operating system?

//used to have an Android 2.0
//now on Android 4.0

No, even the latest Android OS is affected by this


That's what he meant.
 
2013-07-04 11:14:49 AM  

Farking Canuck: theflatline: LTE is bragging rights and that is it

I live and work in the GTA (Greater Toronto Area) so my LTE coverage is solid everywhere I go. My current phone is LTE and I love it.

Other speeds may "work fine" but it is difficult to go back once you get used to it. I tried forcing slower data speeds to save battery (LTE is a bit of a power hog) and found that I ended up turning it back on so often that it wasn't worth the effort of trying to save power.

I'm not saying that you can't live without it ... but I'm sure as hell not going to buy a new phone in 2013 that doesn't have it.


With the newer phones I don't think LTE is the power hog it once was. On my S3, watching Netflix is only slightly more battery hungry than reading with the Kindle app (mainly due to backlight).
 
2013-07-04 11:22:10 AM  

WhippingBoy: the_sidewinder: Arkanaut: Is the problem that you have a phone running a practically obsolete operating system?

//used to have an Android 2.0
//now on Android 4.0

No, even the latest Android OS is affected by this

That's what he meant.


Touché.
 
2013-07-04 11:27:09 AM  

drjekel_mrhyde: oldfarthenry: So ditch your Android & spend $700 on an iPhone?
Nice try, Apple!
$700 is the price you'll pay for a Android phone that can run the OS without shiating on itself
/Not a iPhone user


my $80 kyocera rise seems to do just fine without shiating on itself...
 
2013-07-04 11:38:13 AM  

oldfarthenry: So ditch your Android & spend $700 on an iPhone?
Nice try, Apple!


Who the fark are these idiots that don't know how to pay less than 700 dollars for an iPhone?
 
2013-07-04 11:38:45 AM  

Abe Vigoda's Ghost: I'd like to think this will be patched quickly, but if you have to wait on your carrier, it could be months.


Even the OEMs won't be bothered to fix this. I'm a huge Android fan, but I hate that updates are largely unavailable to most devices. I know even some Nexus devices have to wait for updates.
 
2013-07-04 11:44:46 AM  
So, basically, it's only an issue if I download apps from sketchy sources...so it can be avoided by simply not being a dumbass. Alarmist headline is alarmist.
 
2013-07-04 12:04:56 PM  
This is new?

You've been able to edit those hex values with root for like...well...since I started dinking with Android.

Shakespeare wrote a play about this.
 
2013-07-04 12:16:27 PM  

drjekel_mrhyde: kingoomieiii: You need direct (and in some cases, root) access to the phone's filesystem to do this. So, a less than serious issue, as long as you don't spend your free time sideloading shiat apps from unknown publishers.

The problem is that Android power users answers to every farking thing is to root the farker


I would only recommend rooting if you have no problem doing it yourself and can maintain it.
 
2013-07-04 12:22:54 PM  

divx88: drjekel_mrhyde: kingoomieiii: You need direct (and in some cases, root) access to the phone's filesystem to do this. So, a less than serious issue, as long as you don't spend your free time sideloading shiat apps from unknown publishers.

The problem is that Android power users answers to every farking thing is to root the farker

I would only recommend rooting if you have no problem doing it yourself and can maintain it.


sort of like manscaping.
 
2013-07-04 12:31:36 PM  
So essentially it's possible that when I install an app, the app could have access to my phone.
Quick, someone bring me my fainting couch.

I guess maybe in technical terms this could work in an "alarming" way, but it doesn't seem the least bit alarming orsurprising to me. It's never been safe to load apps from some sketchy source and has always represented a vulnerability. I don't think this bit of news really changes that reality in any way.
 
2013-07-04 12:41:49 PM  
img834.imageshack.us

You can always borrow your little sister's iPhone. See how it's customized with all those pretty icons? Lots of pretty icons!
 
2013-07-04 12:55:46 PM  

SacriliciousBeerSwiller: So, basically, it's only an issue if I download apps from sketchy sources...so it can be avoided by simply not being a dumbass. Alarmist headline is alarmist.


Problem is, we know what sketchy is... and your 16-year-old niece doesn't.
 
2013-07-04 01:02:13 PM  
I think you will need root, and even S-off in order to change system level software. It is still an app, and it can only obtain the same levels of access that any other installable app can obtain. So if you are unrooted, the app cannot read your personal info any more than you normally allow apps, and you will see that access on the app settings page.

I am actually not really seeing a big problem with this. You just need to look at the access rights you are giving it when you first install the program which is no different than when you install any other program.

Its like microsofts security certificates. You can make a program look official, but it still won't bypass administration privileges,only the user can do that. Seems like a non issue.
 
2013-07-04 01:12:00 PM  

Maul555: drjekel_mrhyde: oldfarthenry: So ditch your Android & spend $700 on an iPhone?
Nice try, Apple!
$700 is the price you'll pay for a Android phone that can run the OS without shiating on itself
/Not a iPhone user

my $80 kyocera rise seems to do just fine without shiating on itself...


I just picked up an HTC Evo 4g LTE for a whopping $1.06 and this thing runs great. I looked at the more expensive phones but just couldn't see that much of an advantage to them.
 
2013-07-04 01:28:21 PM  
Man in the middle attack anyone? Last I heard the Play Store didn't use HTTPS, so if you're connected to public WiFi someone could intercept your download, inject a compromised app whose cryptographic signature looks A-ok, and all the data on your phone gets uploaded so some asshole in Taiwan.
 
Displayed 50 of 87 comments

First | « | 1 | 2 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »






Report