SoylentNews is people

posted by CoolHand on Wednesday August 19 2015, @12:56AM
from the infected-droid-armies dept.

El Reg details developments surrounding the increasingly worrisome state of Android security:

According to security company Rapid7, Google needs to rethink how it patches Android in the wake of initial botched attempts to resolve the Stagefright vulnerability.

The criticism comes as Google itself confirmed users of its Nexus devices – who are the first to get security fixes – won't be fully protected until September.

The Stagefright vulnerability for Android phones creates a means to infect devices simply by sending a booby-trapped MMS message. An estimated 950 million devices that run Android versions 2.2 through 5.1 are at risk. Version 4.1 and later have defences that mitigate, without eliminating, the possibility of a successful attack.

The Stagefright vuln, discovered by Zimperium, ultimately stems from flaws in code handling multimedia files.

Google released a six-pack update to resolve the Stagefright vulnerability last week, but it quickly emerged that one of the components was incomplete, so that even patched devices were still at risk.

These shortcomings have put back the whole security remediation process by weeks.


This discussion has been archived. No new comments can be posted.
  • (Score: 0) by Anonymous Coward on Wednesday August 19 2015, @10:06AM (#224905)

    For the sake of security, privacy and freedom, constant updates will have to go.

    Work on it and finish it. Then give it to paid testers to test it. Then let customers install this beta version of their own choice. After no complaints are received for six months and all known bugs are fixed (not patched), release it.

    Marketers always say "If it's good enough, ship it". I say "Design your software properly and then test the hell out of it before shipping".

    Today companies have instilled into people's minds that updates to software are a good thing (even on cars, seriously?!?!?). Why the hell are they a good thing? The software was broken the day it was shipped as "finished product". By definition of finished product, it should never need any updates. There shouldn't even be a way to install updates. Companies are getting away with selling intentionally incomplete, unsafe, broken systems and we are letting them.

    If you can't make a finished product and need money now, find an investor who will help you finish your product. Or go out of business and do something else for a living. Selling and passing on broken products is not fair and you are a criminal for doing so. Don't promote others who do this.

    There is no oversight over corporations and you are not protected. Save yourself from capitalism gone wild.

  • (Score: 2) by skullz (2532) on Wednesday August 19 2015, @09:55PM (#225192)

    "Design your software properly and then test the hell out of it before shipping"

    Oh sure like that actually works.