Android bugs leave every smartphone and tablet vulnerable to privilege escalation

IvanIVIvanIV Posts: 30,301
Forum Member
✭✭✭
Android bugs leave every smartphone and tablet vulnerable to privilege escalation

Six new bugs uncovered in Google's mobile platform shows how every Android-powered device – more than a billion devices in all – are vulnerable to malware thanks to privilege escalation issues.
...
The problem, to put it simply, is that for the sake of convienience [sic] the Android user interface doesn't pop up any prompts pointing out the new permissions, but instead assigns them automatically in the background without giving the user any say in the matter.

Comments

  • flagpoleflagpole Posts: 44,641
    Forum Member
    I've read it.

    I'm not overly concerned. an attack vector that requires an app to be in position before a firmware revision. and that we can scan for, seems largely theoretical to me.
  • Anika HansonAnika Hanson Posts: 15,629
    Forum Member
    ✭✭
    Nothing new. There are bugs with every OS. They will release a patch to fix it at some point but people will just find new ways to exploit the latest build.
  • finbaarfinbaar Posts: 4,818
    Forum Member
    ✭✭✭
    I have neither read this article nor will I read this article. But there is no reason to. If you get your apps from the Play store, don't root or enable USB debugging you have absolutely nothing to worry about. If you do root your device etc (like me) then you need to know what you are doing.
  • flagpoleflagpole Posts: 44,641
    Forum Member
    finbaar wrote: »
    I have neither read this article nor will I read this article. But there is no reason to. If you get your apps from the Play store, don't root or enable USB debugging you have absolutely nothing to worry about. If you do root your device etc (like me) then you need to know what you are doing.

    that is not completely true. prior to the discovery of this bug it would have been technically possible for an app to be distributed via play and still avail itself of the exploit.

    but i agree the risk is vanishingly small to the point i'm more worried about being hit by a meteorite.
  • IvanIVIvanIV Posts: 30,301
    Forum Member
    ✭✭✭
    flagpole wrote: »
    that is not completely true. prior to the discovery of this bug it would have been technically possible for an app to be distributed via play and still avail itself of the exploit.

    but i agree the risk is vanishingly small to the point i'm more worried about being hit by a meteorite.

    At least you will know what hit you. A software firm should close any found security hole, they do not have a liberty to ignore them, but the severity influences how quickly it will be closed.
  • Ultraman1966Ultraman1966 Posts: 271
    Forum Member
    The trouble is even if Google pushed out a fix for it tomorrow it'll have to rely on the hundreds of manufacturers out there (I'm including those Chinese ones) to update their devices. It's not going to happen, most of the time even flagship phones are only kept up to date for 2 years at best or 12 months at worse. That and the updates take usually more than 3 to 6 months to implement or worse.
  • paulbrockpaulbrock Posts: 16,632
    Forum Member
    ✭✭
    apps doing this could easily be detected and flagged in the play store. I'm with the 'more worried about meteorites' crowd :)
  • Zack06Zack06 Posts: 28,304
    Forum Member
    ✭✭✭
    Surely this is only of concern when sideloading apps? More sensationalist "Android is not safe" nonsense yet again.
  • darkjedimasterdarkjedimaster Posts: 18,620
    Forum Member
    ✭✭
    Zack06 wrote: »
    Surely this is only of concern when sideloading apps? More sensationalist "Android is not safe" nonsense yet again.

    Strange how these sensationalist reports always come when new flagship phones are due to appear, trying to convince people to join the herd of sheep aka Apple.
  • SkipTracerSkipTracer Posts: 2,959
    Forum Member
    ✭✭✭
    It makes life exciting and worth living.:D
  • flagpoleflagpole Posts: 44,641
    Forum Member
    Zack06 wrote: »
    Surely this is only of concern when sideloading apps?
    Why??
Sign In or Register to comment.