What's new
DroidForums.net | Android Forum & News

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Scary Vulnerability: One Text Can Hack 95% of Android Phones

Scary indeed. Nowadays, it's kinda difficult to have that sense of security like the good old days. I guess this is the price we had to pay that comes with the advancement of technology
 
So does email handle media files differently? You would think they hook into the same framework as the MMS does.
According to Lookout...

Any number of applications can process MMS content and thereby receive exploits, but devices using Google Hangouts for this purpose may be most at risk since a victim may not even need to open the message in Hangouts for an attacker to take control of their device. In all other hypothetical attacks it appears a victim needs to open their default SMS messaging app and the message thread itself for the exploit to work (although the media file does not necessarily need to be played within the app).

Based on Lookout’s own Stagefright research over the last 24 hours it also appears that multimedia viewed in a browser (e.g. a web video) could be used to deliver a Stagefright attack.

Read more: What you need to know about the new Android vulnerability, “Stagefright” (What you need to know about the new Android vulnerability Stagefright Lookout Blog
 
Bold claim. Wondering what they did to fix it...

The vulnerability is fixed, or they added an option to not auto-retrieve MMS?
2f9df5f6394badf17f6b1443977b8b0b.jpg

129a3cd9415d2a45409321e7b7b8eeaa.jpg


Support Our Troops !!!
<><
Beast Mode 4
 
I find it suspect that they released the very same feature that I requested a few days ago. It is suspect because they told me that simply turning off auto downloading wasn't enough to protect yourself from StageFright.

And I quote (from my response email):

"P.S In other apps, turning off auto-retrieve is NOT enough as once you tap 'download' the exploit becomes active. Additionally you would not get any MMS pics or group messages. Not a good solution."

Maybe they threw that in their because I mentioned I would have to switch back to Messenger in the mean time?
 
I find it suspect that they released the very same feature that I requested a few days ago. It is suspect because they told me that simply turning off auto downloading wasn't enough to protect yourself from StageFright.

And I quote (from my response email):

"P.S In other apps, turning off auto-retrieve is NOT enough as once you tap 'download' the exploit becomes active. Additionally you would not get any MMS pics or group messages. Not a good solution."

Maybe they threw that in their because I mentioned I would have to switch back to Messenger in the mean time?
Well, they're technically right. If you download a message that wasn't downloaded by auto-retrieve and it's got the necessary code/command/whatever for the exploit, you're SOL.

I'm assuming that they've added some code to block whatever the trigger is so that you can still get MMS and group messages without having to worry. If that's truly the case, that's a better fix than turning off Auto-Retrieve.
 
Well, they're technically right. If you download a message that wasn't downloaded by auto-retrieve and it's got the necessary code/command/whatever for the exploit, you're SOL.

I'm assuming that they've added some code to block whatever the trigger is so that you can still get MMS and group messages without having to worry. If that's truly the case, that's a better fix than turning off Auto-Retrieve.

It looks like they just added a feature that other text apps have. They can't fix the exploit...just hinder the path the exploit needs to take so their update is putting them on par with other apps. I just found it to be funny.
 
It looks like they just added a feature that other text apps have. They can't fix the exploit...just hinder the path the exploit needs to take so their update is putting them on par with other apps. I just found it to be funny.
I'm fine with that until Google does its part, pushes it to Samsung, who will find a way to add bloat to it and take forever to do so then push it to AT&T who will take forever to do it and find a way to make it use more battery on my phone and add more bloat at the same time before eventually pushing it out.

Support Our Troops !!!
<><
Beast Mode 4
 
Back
Top