Vulnerability found that affects 86% of Android devices

Laptops, PDAs, Cell Phones, and all other tech that you carry with you.

Moderators: mac_h8r1, Nelliesboo, David

Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 7:38 pm

Original article on Ars

Looks like it's been patched in KitKat (v4.4), but not any of the other versions. The comments mention that it's just theoretical at this point, but still... :(
Hz so good
Gerbil Elite
 
Posts: 601
Joined: Wed Dec 04, 2013 5:08 pm

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:05 pm

Attackers would also have to have an app installed on a vulnerable handset.


Also, it's patched in Android 4.4 and up. The worst part about Android remains the speed with which handset makers and service providers stop producing updates, but even Google stopped the Galaxy Nexus, which was launched with 4.0, at 4.3. But yeah, mobile exploits....they exist across all OSes.
MadManOriginal
Graphmaster Gerbil
 
Posts: 1422
Joined: Wed Jan 30, 2002 7:00 pm
Location: In my head...

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:07 pm

Cool, I (or anyone else whom I personally know) am not affected. As for lower Android versions - well, sucks for cheapskates who buy "no-name" $20 junk from eBay/DealExtreme/whatever, but I'm not really concerned about that.
My subscription allows you people to exist on this site and makes me a better human being than you'll ever be
JohnC
Gerbil Jedi
Gold subscriber
 
 
Posts: 1886
Joined: Fri Jan 28, 2011 2:08 pm
Location: NY/NJ/FL

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:09 pm

From the looks of it, this vulnerability would be very difficult to exploit in practice - an attacker would have to get you to install a malicious app in the first place, and presumably Google is screening the Play store for this sort of thing. So don't sideload apps from shady porn sites, and you will be fine. And looking at the exact nature of the buffer overflow, writing code that exploits it, and it actually useful, will be very difficult to do.
Violence is the last refuge of the incompetent. The competent use violence well before last resorts are necessary.

If violence isn't solving your problems, then you aren't using enough of it.
DreadCthulhu
Gerbil Elite
 
Posts: 904
Joined: Mon Apr 21, 2003 12:43 am
Location: R'lyeh

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:14 pm

DreadCthulhu wrote:an attacker would have to get you to install a malicious app in the first place, and presumably Google is screening the Play store for this sort of thing

Well, to be fair they still occasionally let such things slip by their automated scanners, right into Google Play store, but it's pretty rare :wink:
My subscription allows you people to exist on this site and makes me a better human being than you'll ever be
JohnC
Gerbil Jedi
Gold subscriber
 
 
Posts: 1886
Joined: Fri Jan 28, 2011 2:08 pm
Location: NY/NJ/FL

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:16 pm

Yet another reason why Nexus phones are better than everything else.
<insert large, flashing, epileptic-fit-inducing signature (based on the latest internet-meme) here>
Chrispy_
Gerbil Jedi
Gold subscriber
 
 
Posts: 1881
Joined: Fri Apr 09, 2004 3:49 pm

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:17 pm

MadManOriginal wrote:
Attackers would also have to have an app installed on a vulnerable handset.


Also, it's patched in Android 4.4 and up. The worst part about Android remains the speed with which handset makers and service providers stop producing updates, but even Google stopped the Galaxy Nexus, which was launched with 4.0, at 4.3. But yeah, mobile exploits....they exist across all OSes.


JohnC wrote:Cool, I (or anyone else whom I personally know) am not affected. As for lower Android versions - well, sucks for cheapskates who buy "no-name" $20 junk from eBay/DealExtreme/whatever, but I'm not really concerned about that.


Yeah, my HTC Incredible got all of one update via Verizon, and that's what bugs me about the "buy a phone, pitch in a year for newer model" cycle we're in now. Minimal attempt at fixing older revs, just focus on selling the new ones.

And I know more than a few people who get those cheap phones. They tend to get malware either via shady porn sites, or the games they let their kids download and play when they want to use the phone as a babysitter.
Hz so good
Gerbil Elite
 
Posts: 601
Joined: Wed Dec 04, 2013 5:08 pm

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:49 pm

How effective are the mobile anti-virus, such as Avast free for android?
UnfriendlyFire
Gerbil
 
Posts: 90
Joined: Sat Aug 03, 2013 7:28 am

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 8:58 pm

This is a surprise...to someone who's never heard of Android I'm sure.

I like Android...they have a reasonably good platform on the new versions...but every year so far I'm still extremely disappointed.
Meow.
Savyg
Gerbil Elite
Silver subscriber
 
 
Posts: 639
Joined: Thu Aug 26, 2004 6:18 am
Location: Between desert and tundra

Re: Vulnerability found that affects 86% of Android devices

Postposted on Sun Jun 29, 2014 9:39 pm

UnfriendlyFire wrote:How effective are the mobile anti-virus, such as Avast free for android?

Most of good apps can detect most of the known malware, with very minimal battery impact:
http://www.av-test.org/en/news/news-sin ... tant-fire/

Though obviously they won't detect a "0-day" stuff unless someone submits a sample first, and it's not as easy to do as with Windows OS.
My subscription allows you people to exist on this site and makes me a better human being than you'll ever be
JohnC
Gerbil Jedi
Gold subscriber
 
 
Posts: 1886
Joined: Fri Jan 28, 2011 2:08 pm
Location: NY/NJ/FL


Return to Mobile Tech

Who is online

Users browsing this forum: No registered users and 2 guests