Scary Vulnerability: One Text Can Hack 95% of Android Phones

[mountainbikermark]

I like it. I switched from Handcent because the ads took over the app and they wanted me to pay a yearly fee to keep the ads away.

I'm so over this IAP business model. Charge me a price for an app and I will pay it. Try to nickel and dime me and I am out.

Textra has a one time fee to remove their ads even though the ads are not intrusive. I paid it to support the devs.

Ditto

Support Our Troops !!!
<><
Beast Mode 4

 

[cr6]

I think I knew that much for non-Nexus devices, but was under a different impression when it came to the Nexus line. My thinking was that Nexus devices were meant to be rooted, because they are developer devices. Was this wrong?

Yep, it's that way on all devices. Nexus devices weren't necessarily "made/meant" to be rooted, their just much easier to root. All the same rules still apply.

S5 tap'n

 

[SpeJ3435]

iPhone or Nexus. Yeah not a funny joke. But thats one of the reasons why I jumped on the Nexus 6 was updates in a very timely fashion.

You as a general hacker (I'm making an assumption here) can update your Nexus 6 with the latest OS software. Anyone buying a Nexus 6 through a carrier still has to wait for the updates to be approved (ex. Verizon 5.1.1).

edit: And now that the firmware is forked based on carrier, or whether the device is International, it's makes it harder to update.

Also, just as a general rant, [rant] why can't I receive OTA updates when my phone is rooted!!!![/rant]

And don't forget what happened with the Galaxy Nexus on Verizon. Verizon basically sticks it to people on updates no matter what phone you have.

 

[Jonny Kansas]

And don't forget what happened with the Galaxy Nexus on Verizon. Verizon basically sticks it to people on updates no matter what phone you have.

Actually, they were the first to update one of the recent Samsung phones in the US. I think it was the S5.

However, I had the Galaxy Nexus, so I know exactly what you mean.

 

[Einsteindks]

So then, if these apps are NOT used for texting, and are not the go-to app when MMS texts come in, is one safe? I use Verizon's Message+ for texting, am not active in Google+.

 

[Ollie]

So then, if these apps are NOT used for texting, and are not the go-to app when MMS texts come in, is one safe? I use Verizon's Message+ for texting, am not active in Google+.

If your messenger auto downloads attachments then theoretically you are at risk. I would assume the same goes for email clients that download everything in the background when you open your email.

It is an underlying issue with the way that Android handles any sort of media files.

The Nexus 6 is the most protected device according to Google ATM although there is still a chance for the 6 to get hit with this.

Turn off auto downloading if you can or switch to a client that allows auto downloads to be toggled on/off.

 

[Jonny Kansas]

So then, if these apps are NOT used for texting, and are not the go-to app when MMS texts come in, is one safe? I use Verizon's Message+ for texting, am not active in Google+.

The attack is sent via MMS, so it doesn't matter what app you use, you don't want it to auto-download MMS messages.

If it auto retrieves, the exploit will be activated.

 

[Miklb58]

How are we to know when the problem has been fixed?

Sent from my Verizon Galaxy Note4 using Tapatalk

 

[Jonny Kansas]

How are we to know when the problem has been fixed?

Sent from my Verizon Galaxy Note4 using Tapatalk

It'll likely be listed in a changelog when a system update comes. Either that or it'll be reported on sites like this one.

 

[Dusty]

Hey. I was just reading more about STAGEFRIGHT

... the "massive security flaw" that will give you wet willies in the night and spit in your Doritos when you aren't looking.

Apparently, all it does is trigger a memory overflow which causes the device to "freeze". Then all you have to do is do a hard reset or battery pull, and reboot the phone and it's fine. Nothing happens. That's all.

Talk about OVER BLOWN. LoL!

Has anyone heard differently?

 

[Jonny Kansas]

I had read that it gives access to the camera, microphone, toggling of Bluetooth and etc. The article I read on it said you might not even know you've been infected because the offending message could be deleted after activating the exploit.

Could be whoever wrote that article on it was incorrect though.

 

[Dusty]

I had read that it gives access to the camera, microphone, toggling of Bluetooth and etc. The article I read on it said you might not even know you've been infected because the offending message could be deleted after activating the exploit.

Could be whoever wrote that article on it was incorrect though.

What I'm hearing is that the discoverers claimed that the "malicious code" could possibly do this but people who are looking into it are simply freezing phones as soon as they attempt to run commands.

I'll keep reading tonight to see what "they" discover in practice.

 

[Ollie]

Hey. I was just reading more about STAGEFRIGHT

... the "massive security flaw" that will give you wet willies in the night and spit in your Doritos when you aren't looking.

Apparently, all it does is trigger a memory overflow which causes the device to "freeze". Then all you have to do is do a hard reset or battery pull, and reboot the phone and it's fine. Nothing happens. That's all.

Talk about OVER BLOWN. LoL!

Has anyone heard differently?

The memory over flow is a separate exploit released yesterday evening. It isn't StageFright.

 

[jackiescivic]

So for those of us who use the stock messaging app on their phones, what does it mean?

Sent from my Verizon G4

 

[Jonny Kansas]

So for those of us who use the stock messaging app on their phones, what does it mean?

Sent from my Verizon G4

Disable auto retrieve of MMS.