Scary Vulnerability: One Text Can Hack 95% of Android Phones

[Jonny Kansas]

But if you as a user have root access & your device does become compromised, whoever got in now has root access as well. Just like you should keep a separate administrator account on your PC that's only used to grant permission to other users. Ie, don't log yourself in with administrator access every time you log in. Set yourself up as a user. Then, if that user & only that user is compromised, the attacker doesn't have administrative privileges.

Easier said than done. And as had already been stated, no one is ever 100% safe.

 

[Powarun]

Do you root your Nexus @Powarun ?

S5 tap'n

No, I did to access the front LED and knock on then figured it wasn't worth it. Especially after soft bricking.

 

[cr6]

We take for granted the files we flash to our rooted devices and just "expect" them to be free of malicious code. These guys that gain root access, unlock bootloaders and create their own roms for us to flash can easily slip a line of code into their rom that gives them complete access to your device, your microphone or camera at anytime and you would have no idea. We don't know these developers from Adam, yet we blindly trust them with our devices everyday. Look how long it takes Google to find these vulnerabilities on stock devices. Unless you know code and know what you're looking for (let alone take the time to bother looking for it to begin with) all of us that root our devices are susceptible. Not to mention all the apps we download....forget root, just look at the permissions on your average everyday app. It's probably a lot more common than we realize.

S5 tap'n

 

[akhenax]

iPhone or Nexus. Yeah not a funny joke. But thats one of the reasons why I jumped on the Nexus 6 was updates in a very timely fashion.

You as a general hacker (I'm making an assumption here) can update your Nexus 6 with the latest OS software. Anyone buying a Nexus 6 through a carrier still has to wait for the updates to be approved (ex. Verizon 5.1.1).

edit: And now that the firmware is forked based on carrier, or whether the device is International, it's makes it harder to update.

Also, just as a general rant, [rant] why can't I receive OTA updates when my phone is rooted!!!![/rant]

 

[Ollie]

Google will be pushing an update soon for Nexus devices:

Google Promises A Stagefright Security Update For Nexus Devices Starting Next Week

 

[cr6]

Also, just as a general rant, [rant] why can't I receive OTA updates when my phone is rooted!!!![/rant]

It's been this way from day one. If you root your device, you never take OTA updates, unless you want to loose root. You either wait for developers to push out an update for you to flash, or you return to stock, take the update and hope you can still root on the latest OS version.



S5 tap'n

 

[Dusty]

We take for granted the files we flash to our rooted devices and just "expect" them to be free of malicious code... We don't know these developers from Adam, yet we blindly trust them with our devices everyday...

This is absolutely right. The only ROMs I'd use would be an OEM or a community built ROM that provides the code openly where people look for just that type of thing like CM.

I just don't trust any random TEAM BlOodY SkUL DuDeZ ToXiC ROM X. I just can't.

 

[akhenax]

It's been this way from day one. If you root your device, you never take OTA updates, unless you want to loose root. You either wait for developers to push out an update for you to flash, or you return to stock, take the update and hope you can still root on the latest OS version.



S5 tap'n

I think I knew that much for non-Nexus devices, but was under a different impression when it came to the Nexus line. My thinking was that Nexus devices were meant to be rooted, because they are developer devices. Was this wrong?

 

[Jonny Kansas]

Crap. I was just reminded in an annoying way that group texts are sent as mms. Now, when my fellow board members & I are having a discussion via text, I have to download each message manually...

 

[obxsalvo]

That's probably what's going to happen. The last security flaw on a Samsung device was patched by Samsung over the air on my phone. I'm sure they will do the same for Messenger.

My problem is that I now have to stop using Textra. They do not include an option to turn off auto downloading. I guess I will go back to Sammy's Messenger app for now and shoot the Developer of Textra an email.

NUTS ! I'm using Textra also ... I hated the stock one ... now I got to break in a new App.

 

[Ollie]

NUTS ! I'm using Textra also ... I hated the stock one ... now I got to break in a new App.

I sent them an email asking whether or not they would add the option to turn off auto downloading. Hopefully they will reply.

 

[Ollie]

I just received a reply and they said the fix would be out this week.

We are working on a rock solid solution for 'StageFright' in Release 3.1 of Textra out this week. For the next day or so, if you feel vulnerable you could change your Textra Settings > MMS Settings > APNs to be invalid until the fix is out.

 

[Jonny Kansas]

I just received a reply and they said the fix would be out this week.

We are working on a rock solid solution for 'StageFright' in Release 3.1 of Textra out this week. For the next day or so, if you feel vulnerable you could change your Textra Settings > MMS Settings > APNs to be invalid until the fix is out.

Depending on the fix, maybe I'll give textra a try. Haha

 

[Ollie]

I like it. I switched from Handcent because the ads took over the app and they wanted me to pay a yearly fee to keep the ads away.

I'm so over this IAP business model. Charge me a price for an app and I will pay it. Try to nickel and dime me and I am out.

Textra has a one time fee to remove their ads even though the ads are not intrusive. I paid it to support the devs.

 

[Jonny Kansas]

I can never get into them because I just need something to send & receive texts. I like hangouts because I occasionally use the messenger, so I figure I might as well kill 2 birds with one app.