Vulnerability found that affects 86% of Android devices

Laptops, PDAs, Cell Phones, and all other tech that you carry with you.

Moderators: Nelliesboo, David, mac_h8r1

Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 7:38 pm

Original article on Ars

Looks like it's been patched in KitKat (v4.4), but not any of the other versions. The comments mention that it's just theoretical at this point, but still... :(
Hz so good
Gerbil Elite
 
Posts: 768
Joined: Wed Dec 04, 2013 5:08 pm

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:05 pm

Attackers would also have to have an app installed on a vulnerable handset.


Also, it's patched in Android 4.4 and up. The worst part about Android remains the speed with which handset makers and service providers stop producing updates, but even Google stopped the Galaxy Nexus, which was launched with 4.0, at 4.3. But yeah, mobile exploits....they exist across all OSes.
MadManOriginal
Gerbil Jedi
 
Posts: 1530
Joined: Wed Jan 30, 2002 7:00 pm
Location: In my head...

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:07 pm

Cool, I (or anyone else whom I personally know) am not affected. As for lower Android versions - well, sucks for cheapskates who buy "no-name" $20 junk from eBay/DealExtreme/whatever, but I'm not really concerned about that.
My subscription allows you people to exist on this site and makes me a better human being than you'll ever be
JohnC
Gerbil Jedi
 
Posts: 1890
Joined: Fri Jan 28, 2011 2:08 pm
Location: NY/NJ/FL

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:09 pm

From the looks of it, this vulnerability would be very difficult to exploit in practice - an attacker would have to get you to install a malicious app in the first place, and presumably Google is screening the Play store for this sort of thing. So don't sideload apps from shady porn sites, and you will be fine. And looking at the exact nature of the buffer overflow, writing code that exploits it, and it actually useful, will be very difficult to do.
Violence is the last refuge of the incompetent. The competent use violence well before last resorts are necessary.

If violence isn't solving your problems, then you aren't using enough of it.
DreadCthulhu
Gerbil Elite
 
Posts: 970
Joined: Mon Apr 21, 2003 12:43 am
Location: R'lyeh

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:14 pm

DreadCthulhu wrote:an attacker would have to get you to install a malicious app in the first place, and presumably Google is screening the Play store for this sort of thing

Well, to be fair they still occasionally let such things slip by their automated scanners, right into Google Play store, but it's pretty rare :wink:
My subscription allows you people to exist on this site and makes me a better human being than you'll ever be
JohnC
Gerbil Jedi
 
Posts: 1890
Joined: Fri Jan 28, 2011 2:08 pm
Location: NY/NJ/FL

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:16 pm

Yet another reason why Nexus phones are better than everything else.
This is my signature. There are many like it, but this one is mine. However, my signature is neither my best friend, nor is it my life. I also have no desire to master it and my worth is not signature-dependent.
Chrispy_
Grand Gerbil Poohbah
Silver subscriber
 
 
Posts: 3354
Joined: Fri Apr 09, 2004 3:49 pm
Location: Europe, most frequently London.

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:17 pm

MadManOriginal wrote:
Attackers would also have to have an app installed on a vulnerable handset.


Also, it's patched in Android 4.4 and up. The worst part about Android remains the speed with which handset makers and service providers stop producing updates, but even Google stopped the Galaxy Nexus, which was launched with 4.0, at 4.3. But yeah, mobile exploits....they exist across all OSes.


JohnC wrote:Cool, I (or anyone else whom I personally know) am not affected. As for lower Android versions - well, sucks for cheapskates who buy "no-name" $20 junk from eBay/DealExtreme/whatever, but I'm not really concerned about that.


Yeah, my HTC Incredible got all of one update via Verizon, and that's what bugs me about the "buy a phone, pitch in a year for newer model" cycle we're in now. Minimal attempt at fixing older revs, just focus on selling the new ones.

And I know more than a few people who get those cheap phones. They tend to get malware either via shady porn sites, or the games they let their kids download and play when they want to use the phone as a babysitter.
Hz so good
Gerbil Elite
 
Posts: 768
Joined: Wed Dec 04, 2013 5:08 pm

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:49 pm

How effective are the mobile anti-virus, such as Avast free for android?
UnfriendlyFire
Gerbil Team Leader
 
Posts: 234
Joined: Sat Aug 03, 2013 7:28 am

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:58 pm

This is a surprise...to someone who's never heard of Android I'm sure.

I like Android...they have a reasonably good platform on the new versions...but every year so far I'm still extremely disappointed.
Savyg
Graphmaster Gerbil
 
Posts: 1186
Joined: Thu Aug 26, 2004 6:18 am
Location: Sanity

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 9:39 pm

UnfriendlyFire wrote:How effective are the mobile anti-virus, such as Avast free for android?

Most of good apps can detect most of the known malware, with very minimal battery impact:
http://www.av-test.org/en/news/news-sin ... tant-fire/

Though obviously they won't detect a "0-day" stuff unless someone submits a sample first, and it's not as easy to do as with Windows OS.
My subscription allows you people to exist on this site and makes me a better human being than you'll ever be
JohnC
Gerbil Jedi
 
Posts: 1890
Joined: Fri Jan 28, 2011 2:08 pm
Location: NY/NJ/FL


Return to Mobile Tech

Who is online

Users browsing this forum: No registered users and 3 guests