Android Vulnerability Discovered After 4 Years

CommanderFrank

CommanderFrank

Cat Can't Scratch It
Joined
May 9, 2000
Messages
75,399
For the past four years, there has been a vulnerability lying dormant in just about every Android powered phone since version 1.6, that could allow a malicious program to take complete control of your system. The disturbing part is that this can be done without being detected or triggering any sort of alarm. Google has not yet issued a fix for the problem.

"Not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account and service passwords, [but] it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls)."
Click to expand...
 
Whats the possibility that this is a deliberate element of PRISM?

*tin-foil hat on*
 
TastEPlasma said:
Whats the possibility that this is a deliberate element of PRISM?

*tin-foil hat on*
Click to expand...

Yes because the NSA only wants to spy on people who install 3rd party unverified system APKs.

This is kind of a non-story...if you allow installation of non-official apps on ANY OS, this "vulnerability" known as the "end-user" will forever exist.
 
TastEPlasma said:
Whats the possibility that this is a deliberate element of PRISM?

*tin-foil hat on*
Click to expand...

I wouldn't rule it out.. the fact that a 'malicious app' is able to do all that crap might be the discovered side effect of the real intended tool which would be a tool to remotely take 'control' of your phone silently. Certainly the universality of the 'mistake', suggests intended behind-the-scenes access to your phone.
The leaks of this NSA thing were pretty clear full access, granted by our loved companies and they are informed first of software vulnerabilities.. which explains that virus that hit Iran a while ago. Actually makes you wonder, how many of these 'vulnerabilities' are intentional, and only considered a 'problem' later, when they are 'discovered'.
I really don't see how can anyone say 'far-fetched'.
 
Now we know why the 'donut' name for the donut hole in the software, as requested by the NSA. hehe
 
I think it's really safe to assume that all business, operating systems, technical design software etc has deliberate holes and backdoors for all governments to use at will.

It all probably starts with your ISP and probably the manufacturers of domestic Router/Switches.

Privacy is a myth. It died just before/as 9/11 happened.
 
Nah, Privacy was always an illusion. The US gov was doing questionable shit decades before 9/11.
 
I see the Obama apologists are trying to equate selective cold war spying to recording personal data on everyone. Nice.
 
And conservatives are completely ignoring Room 641A and the NSA dealings with AT&T that has gone on since at least 2003. http://en.wikipedia.org/wiki/Room_641A

Stop trying to politicize everything. It's not going to change anything and with the past track record most of us are going to forget about this in a year or two anyways. And that's sad.
 
Ryokurin said:
And conservatives are completely ignoring Room 641A and the NSA dealings with AT&T that has gone on since at least 2003. http://en.wikipedia.org/wiki/Room_641A

Stop trying to politicize everything. It's not going to change anything and with the past track record most of us are going to forget about this in a year or two anyways. And that's sad.
Click to expand...
Except how is 2003 relevant since none of those people are in charge now. You can blame them, which is political. Who is to blame now that can actually do something about it?
 
jpm100 said:
Except how is 2003 relevant since none of those people are in charge now. You can blame them, which is political. Who is to blame now that can actually do something about it?
Click to expand...

All he is saying is don't turn a blind eye. When the rightists get back in power again they will continue and expand domestic spying just like this outfit did. This ratchet only goes one way regardless of the logo on the party with the reins.

In my discussions IRL it is becoming increasingly clear that the current administration has been an eye opener for many on the left. The apologists you hear are a vocal few.
 
This is nothing new. I knew about this when I bought my first android phone, after seeing several games from several studios appear under one malicious developer on amazon. Also I believe this can happen on google play as well, if a developer releases on amazon or a personal website, and then a malicious developer brings it to google play. Either way you should be suspicious of installing apps with unnecessary permissions.
 
It always amazes me how fast articles reporting on hardware, on a hardware site can devolve into a political debate.
 
People who use Android devices are pretty much just asking to be spied on anyway. Every app needs your location, your identity, full file access to all your stuff, and a DNA sample. You may as well have a buncha security holes too since its not like it'll make any difference.
 
So when can we live on mars or moon. I think its time for Mayflower 2.0
 
BombermanX said:
Sensationalism.
Click to expand...

Not really. The surprise is a bit overstated though, malware on Android is huge and articles like this come out almost weekly. 92% of mobile malware is on Android. It reminds me of how it used to be in the Windows XP days.

The difference is that Microsoft took security very seriously and was very active in trying to fix it. Google drags their feet on fixes and carriers can't be bothered to update the OS on perfectly capable devices because they're more concerned with selling new hardware before the old 2-year contract on the old hardware expires. It is ridiculous.
 
Stimpy88 said:
Good luck with getting an update for that, Android loosers. :D
Click to expand...

Uncheck "Use Non-Market Sources."

Done. 100% closed and secure against this type of "attack."

At least the option is there for us without having to resort to jailbreaking and using exploits to install something outside of the walled garden. Tell me which of the two options you'd rather have.
 
CreepyUncleGoogle said:
People who use Android devices are pretty much just asking to be spied on anyway. Every app needs your location, your identity, full file access to all your stuff, and a DNA sample. You may as well have a buncha security holes too since its not like it'll make any difference.
Click to expand...

Troll level: MAX
 
MostComfortable said:
Not really. The surprise is a bit overstated though, malware on Android is huge and articles like this come out almost weekly. 92% of mobile malware is on Android. It reminds me of how it used to be in the Windows XP days.

The difference is that Microsoft took security very seriously and was very active in trying to fix it. Google drags their feet on fixes and carriers can't be bothered to update the OS on perfectly capable devices because they're more concerned with selling new hardware before the old 2-year contract on the old hardware expires. It is ridiculous.
Click to expand...

Giving Microsoft gold stars for Windows security is pure comedy. The flaw here is the user who unchecks the "disallow third party apps" setting. It can't get much more restrictive than that unless you run a totally closed ecosystem a la Apple. You're silly.
 
You must log in or register to reply here.
Back
Top