Digital Spy

Search Digital Spy
 

DS Forums

 
 

Android exploit. 99% of devices vulnerable.


Reply
Thread Tools Search this Thread
Old 04-07-2013, 20:13
Inspiration
Forum Member
 
Join Date: Jul 2003
Posts: 44,832

Opps..

http://techcrunch.com/2013/07/04/android-security-hole/
http://www.bbc.co.uk/news/technology-23179522
Inspiration is offline   Reply With Quote
Please sign in or register to remove this advertisement.
Old 04-07-2013, 21:06
coopermanyorks
Forum Member
 
Join Date: Jan 2003
Location: In Gods Own County
Posts: 20,010
...................What a great usp
coopermanyorks is offline Follow this poster on Twitter   Reply With Quote
Old 04-07-2013, 21:34
grumpyoldbat
Forum Member
 
Join Date: Apr 2008
Posts: 3,483
Good to see that Google are acting quickly to fix this via the Play store. I'll expect an update for my Nexus 4 soon.
grumpyoldbat is offline   Reply With Quote
Old 04-07-2013, 21:38
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: simply, no answer to Kidspud.
Posts: 24,297
I think that means that any non app store downloads need to be hash check summed before installing.

Obviously this applies to Flash the most.
I'm assuming 'apk code' here refers to apps not actually installed.
alanwarwic is offline   Reply With Quote
Old 04-07-2013, 21:43
BrokenArrow
Forum Member
 
Join Date: Mar 2007
Location: Hampshire
Posts: 15,687
I don't get it, surely any sideloaded app can do what it wants with the phone anyway
BrokenArrow is offline   Reply With Quote
Old 04-07-2013, 21:49
Mr. Cool
Forum Member
 
Join Date: Dec 2011
Posts: 1,469
I'm going to say this is blown out of proportion and it's good Google are working on a fix.

Firstly, it's unlikely 900m people will be affected because a popular app has to be malicious, which is unlikely in itself.

A lot of hype for a potentially small issue.
Mr. Cool is offline   Reply With Quote
Old 04-07-2013, 22:08
kidspud
Forum Member
 
Join Date: May 2010
Posts: 5,017
I'm going to say this is blown out of proportion and it's good Google are working on a fix.

Firstly, it's unlikely 900m people will be affected because a popular app has to be malicious, which is unlikely in itself.

A lot of hype for a potentially small issue.
I think the point is that any of the 900m users could be affected, not all of them.

If they roll out a fix, you would imagine they would want to roll it out to everyone.
kidspud is offline   Reply With Quote
Old 04-07-2013, 22:18
Mr. Cool
Forum Member
 
Join Date: Dec 2011
Posts: 1,469
I think the point is that any of the 900m users could be affected, not all of them.

If they roll out a fix, you would imagine they would want to roll it out to everyone.
I wonder if Samsung pushed their patch upstream and maybe contributed some code? Or maybe Google is independently working on a fix. Though it's unconfirmed whether or not the S4 is excluded from this warning.

Also, as long as Google Play is used (or Amazon etc.) rather than an unknown app store, the risk is reduced even more.
Mr. Cool is offline   Reply With Quote
Old 04-07-2013, 22:34
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: simply, no answer to Kidspud.
Posts: 24,297
I think the point is that any of the 900m users could be affected, not all of them.
A bit like "all HTC One owners at risk of being mugged for their phone".
alanwarwic is offline   Reply With Quote
Old 04-07-2013, 22:40
cnbcwatcher
Forum Member
 
Join Date: Sep 2008
Location: At college, in L.A.'s office
Posts: 50,326
If there's going to be a fix how will we be able to download it or where will we be able to download it from?

I'm beginning to wonder if I should install an antivirus app on my phone. Would that help keep malware at bay? As for apps I only use the Play store and I haven't got the option to use other app stores enabled.
cnbcwatcher is offline   Reply With Quote
Old 04-07-2013, 22:48
Mr. Cool
Forum Member
 
Join Date: Dec 2011
Posts: 1,469
If there's going to be a fix how will we be able to download it or where will we be able to download it from?

I'm beginning to wonder if I should install an antivirus app on my phone. Would that help keep malware at bay? As for apps I only use the Play store and I haven't got the option to use other app stores enabled.
Probably a Google Play update.
Mr. Cool is offline   Reply With Quote
Old 04-07-2013, 23:32
tdenson
Forum Member
 
Join Date: Aug 2005
Posts: 2,919

A lot of hype for a potentially small issue.
I suspect if this was IOS you would be making a lot more of it
tdenson is offline   Reply With Quote
Old 04-07-2013, 23:35
Zack06
Forum Member
 
Join Date: Aug 2009
Posts: 27,068
Meh....these sorts of issues crop up all the time, across platforms.

http://gizmodo.com/5984190/how-to-by...anyones-iphone

http://www.informationweek.co.uk/sec...omis/240142933
Zack06 is offline   Reply With Quote
Old 04-07-2013, 23:39
IslandNiles
Forum Member
 
Join Date: Apr 2005
Posts: 12,680
I suspect if this was IOS you would be making a lot more of it
If this were iOS, the thread would be up to ten pages by now and people would be falling over themselves to comment on the terrible security lapse.
IslandNiles is online now   Reply With Quote
Old 04-07-2013, 23:58
tdenson
Forum Member
 
Join Date: Aug 2005
Posts: 2,919
If this were iOS, the thread would be up to ten pages by now and people would be falling over themselves to comment on the terrible security lapse.
Quite
tdenson is offline   Reply With Quote
Old 05-07-2013, 00:02
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: simply, no answer to Kidspud.
Posts: 24,297
If this were iOS, the thread would be up to ten pages by now ...
Really?

I thought total silence is more the norm on such like stuff.
And imagine the outrage if Google was able to install US NSA software on Android, which logically it is the only one which can't without being found out.

iPhone tracking for life, hardly a murmur.
iPhones new tracking via any routers you all pass, not a word.
alanwarwic is offline   Reply With Quote
Old 05-07-2013, 00:12
Stiggles
Forum Member
 
Join Date: Jan 2011
Location: Dundee, Scotland
Posts: 7,887
I suspect if this was IOS you would be making a lot more of it
Probably because for years we have heard how its the most secure etc etc etc and had apple users blurting this out constantly.

There was an issue like this with iOS if i remember correctly anyway.
Stiggles is offline   Reply With Quote
Old 05-07-2013, 00:29
IslandNiles
Forum Member
 
Join Date: Apr 2005
Posts: 12,680
Really?

I thought total silence is more the norm on such like stuff.
And imagine the outrage if Google was able to install US NSA software on Android, which logically it is the only one which can't without being found out.

iPhone tracking for life, hardly a murmur.
iPhones new tracking via any routers you all pass, not a word.
Are you making an actual point? There was a HUGE fuss made when the tracking thing was uncovered, and rightly so.

You've mentioned this thing about Apple tracking you via routers before. Do you have anything to substantiate it? If you're talking about wifi positioning, then that's not Apple tracking iPhones. You realise that Android uses this technique too, right?
IslandNiles is online now   Reply With Quote
Old 05-07-2013, 00:38
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: simply, no answer to Kidspud.
Posts: 24,297
Are you making an actual point? There was a HUGE fuss made when the tracking thing was uncovered, and rightly so.
I can't recall much of any discussion.
It was quite funny Jobs calling it 'shocking' but with him the salesman I guess he never needed to know.

On this Android hitch, I do hope news sites and Adobe advise about tampered Flash downloads.
Everything else downloaded in a similar fashion is piffling.
alanwarwic is offline   Reply With Quote
Old 05-07-2013, 06:53
kidspud
Forum Member
 
Join Date: May 2010
Posts: 5,017
A bit like "all HTC One owners at risk of being mugged for their phone".
No, nothing like that.
kidspud is offline   Reply With Quote
Old 05-07-2013, 06:55
kidspud
Forum Member
 
Join Date: May 2010
Posts: 5,017
Really?

I thought total silence is more the norm on such like stuff.
And imagine the outrage if Google was able to install US NSA software on Android, which logically it is the only one which can't without being found out.

iPhone tracking for life, hardly a murmur.
iPhones new tracking via any routers you all pass, not a word.
They don't need to install anything, there data capture already goes beyond what some feel is legal.

http://www.bbc.co.uk/news/technology-23187771
kidspud is offline   Reply With Quote
Old 05-07-2013, 08:30
Inspiration
Forum Member
 
Join Date: Jul 2003
Posts: 44,832
Not really the same. The first link requires physical access to the phone.. which if someone else has physical access to your phone it's already compromised anyway. And the second link is about images, which could apply to all OS's. It's just they highlighted iOS because it auto loads images in email clients. But so do others.

This particular hack would appear to suggest Android users are now having to be cautious to only download apps from "recognised developers" which to me is a huge flaw. But then i've never agreed with the nature of the Android app store. People mock Apple for approving apps but at least it added another level of security.
Inspiration is offline   Reply With Quote
Old 05-07-2013, 08:35
Inspiration
Forum Member
 
Join Date: Jul 2003
Posts: 44,832
iPhones new tracking via any routers you all pass, not a word.
You're going to have to provide a link to this because I googled "iphone tracking routers" and found no news stories. I would also be very surprised if Apple are doing anything related to routers as Steve Jobs was a huge critic of Googles router database.

Which let's not forget.. while they were driving their little camera cars around the world taking photos of everyones house and street.. they were also recording every router they came across and plotting it on a map and storing all this in a huge database. That's why when you go onto google map and ask it to find your location when hard wired into a broadband line, it can find your exact location. So really.. no one knows router privacy breaches better than Google do.

Heres Steve discussing it: http://www.youtube.com/watch?v=39iKLwlUqBo
Inspiration is offline   Reply With Quote
Old 05-07-2013, 08:40
kidspud
Forum Member
 
Join Date: May 2010
Posts: 5,017
Not really the same tho are they? The first link requires physical access to the phone.. which if someone else has physical access to your phone it's already compromised anyway. And the second link is about images, which could apply to all OS's. It's just they highlighted iOS because it auto loads images in email clients. But so do others.

This particular hack would appear to suggest Android users are now having to be cautious to only download apps from "recognised developers" which to me is a huge flaw. But then i've never agreed with the nature of the Android app store. People mock Apple for approving apps but at least it added another level of security.
For me, the issue is not even the actual security flaw, it is the fact that an update needs to be rolled out to all android devices (a claimed 900m). Given the fragmentation I will be interested to see how quickly that can be achieved.

It is interesting that Samsung have already included a fix for the S4. How does that fit with an overall solution for android? Are you going to get a situation where each supplier is going to start providing patches for OS flaws and not just bug fixes for their overlays?
kidspud is offline   Reply With Quote
Old 05-07-2013, 08:41
IslandNiles
Forum Member
 
Join Date: Apr 2005
Posts: 12,680
Apple does have its own router database, which is used like Google's for wifi location. It's not the tracking system that Alan suggests though.
IslandNiles is online now   Reply With Quote
 
Reply



Thread Tools Search this Thread
Search this Thread:

Advanced Search

 
Forum Jump


All times are GMT +1. The time now is 20:31.