SoylentNews is people
SoylentNews
Ars reports on a serious Android exploit to be disclosed at the upcoming BlackHat:
Almost all Android mobile devices available today are susceptible to hacks that can execute malicious code when they are sent a malformed text message.
The vulnerability affects about 950 million Android phones and tablets, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. It resides in "Stagefright," an Android code library that processes several widely used media formats. The most serious exploit scenario is the use of a specially modified text message using the multimedia message (MMS) format. All an attacker needs is the phone number of the vulnerable Android phone. From there, the malicious message will surreptitiously execute malicious code on the vulnerable device with no action required by the end user and no indication that anything is amiss.
(Score: 0) by Anonymous Coward on Tuesday July 28 2015, @04:41PM
If someone exploits this because your carrier didn't provide an update after Google issued the code fix, couldn't you sue the carrier for damages? I hope someone will do so and win. Carriers will only act responsibly if there's a cost involved for not doing so. Not that they are any special in this.
But also Google could do something: It could disallow carriers to get at Google's services for new phones if they didn't provide updates for the old phones. If not updating the old phones would mean that new phones from the same carrier will not get access to Google services, then I'm pretty sure the carriers will be keen on keeping the old phones up to date.
(Score: 0) by Anonymous Coward on Tuesday July 28 2015, @06:39PM
I'm sure the courts would just say that its the customers' fault for continuing to use the phone beyond its EOL, and that they acquiesced to the risks by not buying newer model.