SoylentNews is people

posted by takyon on Tuesday July 28 2015, @02:20PM
from the multimalware-messaging-service dept.

Ars reports on a serious Android exploit to be disclosed at the upcoming BlackHat:

Almost all Android mobile devices available today are susceptible to hacks that can execute malicious code when they are sent a malformed text message.

The vulnerability affects about 950 million Android phones and tablets, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. It resides in "Stagefright," an Android code library that processes several widely used media formats. The most serious exploit scenario is the use of a specially modified text message using the multimedia message (MMS) format. All an attacker needs is the phone number of the vulnerable Android phone. From there, the malicious message will surreptitiously execute malicious code on the vulnerable device with no action required by the end user and no indication that anything is amiss.


This discussion has been archived. No new comments can be posted.
  • (Score: 2, Insightful) by Anonymous Coward on Tuesday July 28 2015, @03:51PM (#214903)

    This shows that the process of going through the carriers must stop. It makes no sense to have the carriers as an impediment to software updates. I don't have to get my ISP to provide updates to Windows or Linux, I shouldn't have to have my carrier provide updates to Android or Windows (phone).

    We need to have unlocked, and only unlocked, phones. We need to have generic phone platforms (like we have generic PCs) and put the control of the devices in the hands of those who pay for them - the consumer. I'm amazed this is not covered in anti-trust (or anti-combines) legislation.

  • (Score: 3, Interesting) by jmorris (4844) on Wednesday July 29 2015, @01:06AM (#215155)

    This would require people to buy their own phone instead of lease them from the carrier. And apparently few would buy the high end phones they currently lease so the handset makers would cry when the next quarterly report came out.

    If people cared they can buy unlocked phones now. But they don't get updates either. Raise your hand if you think the Nexus devices will even get patched within the month. Anybody?

    For all the abuse we joyfully heaped on Microsoft these many dark years of their misrule of the desktop, at least in the late nineties they were trying to figure out how to do security. Google grew up in the UNIX world from day one, so what is their excuse? Hell, Android/Linux IS a UNIX operating system so again, what exactly is their excuse?

    • (Score: 0) by Anonymous Coward on Wednesday July 29 2015, @04:49AM (#215261)

      > And apparently few would buy the high end phones they currently lease so the handset makers
      > would cry when the next quarterly report came out.

      People buy expensive iPads instead of cheaper tablets, expensive Macs instead of cheaper Windows PCs and expensive SUVs instead of cheaper minivans. So, while some people would not buy top end phones, I don't think that few would. Prestige has a price.

      I bought an unlocked phone and for me, it's cheaper than any "deal" I could get with a "free" phone. YMMV.

      There's no reason why the phone services can't rent unlocked phones; they just have to lock the price into the contract. If you leave and take the phone, you get the rest of the bill. That keeps the initial cost for the user down (with a total cost over time that is higher). But an unlocked, generic phone would not have a problem with upgrades. It would work just like upgrading a Windows or Linux PC. The fact that you can't do that now is not proof it wouldn't work - it only demonstrates that the industry (makers, software providers and service providers) don't give a damn about getting genuinely useful products into our hands; they just want to take our money out of our hands.