Android Cell Phone Vulnerability « Giveaway of the Day Forums

Back to Giveaway of the Day

Giveaway of the Day Forums » Talks

Android Cell Phone Vulnerability

(2 posts) (1 voice)

Started 9 years ago by mikiem2
Latest reply from mikiem2

mikiem2
Moderator

You might have read or heard about this already -- there's a flaw in one of the core parts of Android that can be exploited with a simple text message. This blog presents the basics with a minimum of tech-speak.
[https://blog.kaspersky.com/critical-android-mms-vulnerability/]

Posted 9 years ago #
mikiem2
Moderator

The headlines have all been talking about how 90%+ Android devices are vulnerable to this exploit. Google has patched the code, but hasn't yet delivered it to most of the devices it sold. Manufacturers are still figuring out what they're going to do -- Samsung for instance is re-thinking how they deliver updates to their products, & is talking about moving to monthly security updates.

Since Android is customized to each piece of hardware, there are no generic updates to the OS itself, but rather each manufacturer has to patch or re-do the complete software package or image for each device. As a rule they don''t do this often, & normally only for those products that are currently sold. And once they do release an update, anyone with a cell or tablet tied to a cellular carrier has to wait until their carrier checks it out & decides whether or not to push it out to their customers.

Most Android cell phones & tablets will never have this vulnerability patched, because they're no longer current. While it's been reported that this vulnerability has not been actively exploited so far, most systems &/or devices are compromised after a vulnerability is reported, even if/when a patch has been released -- the bad guys are opportunistic.

Google has pushed back against this potential nightmare, saying that since Android v. 4 there's another safeguard in place, with data being written to memory in random places, so a hacker or criminal wouldn't know where to look. They're likely nervous as talk is starting up again regarding software liability -- holding companies legally liable when they've been negligent in the design & creation of their software products.

All we as consumers can do is wait & see if this gets exploited in the field or not -- Google may be right & there's no practical application, at least for devices running Android v. 4 or newer. At that point, *if* the bad guys start using it, there will most likely be all sorts of recommendations regarding how to reduce your risk.

The big lesson perhaps is the unavoidable weakness of an OS like Android that depends on the hardware manufacturers rather than the company that develops the code. Whether that weakness is great enough to overcome the negatives of buying & using devices from Google, Microsoft, or Apple is up to you.

[http://www.androidcentral.com/stagefright]

Posted 9 years ago #

RSS feed for this topic

Reply

You must log in to post.