New Stagefright Bugs Leave More Than 1B Android Users Vulnerable

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
How many times will Google have to patch this exploit before it's finally fixed for good. :(

To take advantage of these bugs, a hacker can trick a potential victim into opening a website where he has planted a malicious mp3 audio file, or a malicious mp4 video file, or by tricking the victim to open them in a third party application, say a multimedia player, that depends on the vulnerable Android libraries. “Merely previewing the song or video would trigger the issue,” Drake wrote in a blog post.
 
I think it will take some time for Google to get Android devices getting security fixes on a timely manner. Its not setup in a way for all manufacturers to get timely security security fixes out. Googles needs to rethink how handle the fragmentation. I would be happy if they locked down the rules about the base OS saying everyone was not allowed to modify certain parts. Maybe that already is, but I feel its not. So that Google can push out security fixes to all devices faster. Carriers be damned. Also lengthing support for major releases. 2 years is much to short.

I am glad that Google did started monthly fixes. I'm always staying in the Nexus line for myself.
 
They need to address not just the speed in which carriers provide updates, but also how the updates get pushed.

I know i'm not the only one who has an out of region phone (verizon S5 in Canada) so i'm locked from getting any updates or security fixes unless I want to manually do it myself.
 
That's why you don't download or open random webs... It's the Internet 101......

More interestingly, not many people reply or comment to this, unless it's Apple....

:p
 
shansoft said:
That's why you don't download or open random webs... It's the Internet 101......

More interestingly, not many people reply or comment to this, unless it's Apple....

:p
Click to expand...

Setup a fake wifi hotspot in a cafe. Make the mp3 play on a login screen. Owned.

It's not always people doing idiotic things, That could probably get anyone who wasn't completely paying attention.
 
m2h said:
I think it will take some time for Google to get Android devices getting security fixes on a timely manner. Its not setup in a way for all manufacturers to get timely security security fixes out. Googles needs to rethink how handle the fragmentation. I would be happy if they locked down the rules about the base OS saying everyone was not allowed to modify certain parts. Maybe that already is, but I feel its not. So that Google can push out security fixes to all devices faster. Carriers be damned. Also lengthing support for major releases. 2 years is much to short.

I am glad that Google did started monthly fixes. I'm always staying in the Nexus line for myself.
Click to expand...

The optional update process is what hurts Android.

Take Windows PCs for example. If you buy a DELL, you get Windows core and whatever DELL wraps onto it (customized browser, etc) as "add on" apps.

With Android, you have a complete clusterf of carrier-specific and manufacturer specific modifications to the core OS framework. Of which are usually not updated past a few months of release.

They really need to adopt a base and force carrier/manufacturer stuff to be add-on apps. That way updates/patches for the base can be done without requiring carriers/manufacturers to rebundle their own firmware.
 
That's part of the problem with a "free" OS. Carriers love to do things that make phones impossible for developers to update, so you're at the carrier's mercy for updates instead. They know that there is a certain percentage of users who want the newest version of Android so bad, they're willing to just buy a whole new phone for it. Hence why companies like Verizon and AT&T strongarm the manufacturers into locking their bootloaders.

Could you imagine the outrage if HP or Dell were to sell a PC that you couldn't load a new/upgraded OS on?
 
The OS handling the only thing I like about the iPhone. You have 1 version of iOS. Android and even Windows Phones are left to the carriers to make their own slightly different versions. So you have to wait for them to upgrade everything. I am still waiting for the latest Windows Phone OS to be pushed to my 1520 on the AT&T network. Took about 6 - 8 months for me to get 8.1, and the wait for 8.1 update 1 is taking fucking forever.

So I am not surprised that there are flaws out there on phones like this that don't ever get patched as you are waiting not only for Google to fix it, but then for everyone else to fix it and push it out.

And sadly most people don't follow safe browsing on a pc, so don't even expect them to think about it for their phone.
 
Yup, same sentiment here. Google needs to tell the carriers and manufacturers they can't do the custom locked down OS crap anymore, so they can actually update their OS properly. Most end users don't give a crap about the manufacturer add-on garbage, and they also know that the carrier loaded apps are just junkware. The manufacturers compete via hardware anyway, and the carriers compete with coverage and plans, there's no reason for this crap other than to screw customers.
 
Where are those posters now that were disagreeing with me about the insecurity of Android? Not that it hasn't been proved a gazillion times.

Imagine all those poor bastages who are stranded with their ancient unpatched versions, because the vendor just doesn't give a damn.

Prepaid connection is the way to go if you own an Android. Or lose your sleep.
 
Flapjack said:
That's part of the problem with a "free" OS. Carriers love to do things that make phones impossible for developers to update, so you're at the carrier's mercy for updates instead. They know that there is a certain percentage of users who want the newest version of Android so bad, they're willing to just buy a whole new phone for it. Hence why companies like Verizon and AT&T strongarm the manufacturers into locking their bootloaders.

Could you imagine the outrage if HP or Dell were to sell a PC that you couldn't load a new/upgraded OS on?
Click to expand...

PC market is much different than Smartphone market in the way that if, in your example, HP and Dell sold PC with locked OS, they only stand to lose their market as people would simply instead build their own that suit their needs better, choose their parts better, none of the OEM crap and probably better overall/cheaper.

In the smartphone there is no such thing as build your own smartphone, so even those who knows full well the working of the individual component of each phone, they are at the mercy of the OEMs and/or Carriers.

This is my main issue with the smartphone market
 
LOL Google's Android is the new Adobe Flash and Oracle Java all rolled into one with a healthy dose of Windows 10-like spying. :p
 
Unless people buy the Nexus line of phones this issue will persist.

There is a reason vendors add their own software on top of Android, to set their phones apart. That leads to a lot more negatives than positives IMO.
When I had an Android phone I mostly used Nexus devices and it was a smooth experience overall.

Unless Google steps in and says stock Android is the only version allowed on any device, keep dreaming.
 
You must log in or register to reply here.
Back
Top