Home Page
   Articles
       links
About Us    
Traders        
Recipes            
Latest Articles
Android bug

 
Post new topic   Reply to topic    Downsizer Forum Index -> IT Matters
Author 
 Message
vegplot



Joined: 19 Apr 2007
Posts: 21301
Location: Bethesda, Gwynedd
PostPosted: Tue Jul 28, 15 4:10 pm    Post subject: Android bug Reply with quote
    

If you own an Android device and haven't recently patched it...

https://www.bbc.co.uk/news/technology-33689399

Hairyloon



Joined: 20 Nov 2008
Posts: 15425
Location: Today I are mostly being in Yorkshire.
PostPosted: Tue Jul 28, 15 6:02 pm    Post subject: Reply with quote
    

Quote:
The flaw can be exploited by sending a photo or video message to a person's smartphone, without any action by the receiver...
Hackers were able to send malicious code within a multimedia message that could access a service within Android called Stagefright.

After Stagefright had been invoked, which required no action from the victim, other data and apps on the handset could be accessed by the malicious code.


OK, so how's that work?
Why is anything running code that is hidden in a picture?

More importantly, how do we know if we have got the patch or not?

dpack



Joined: 02 Jul 2005
Posts: 45374
Location: yes
PostPosted: Tue Jul 28, 15 7:13 pm    Post subject: Reply with quote
    

hiding code in images is a classic tactic,i had a lot of bother from an "angry monkey" that contained a very nasty hidden payload and by passed a multi layer "stop nasty things"set up.

it is also a good tactic if one wishes to hide data to encrypt it and put it inside a large image file or better still a movie .

vegplot



Joined: 19 Apr 2007
Posts: 21301
Location: Bethesda, Gwynedd
PostPosted: Tue Jul 28, 15 8:02 pm    Post subject: Reply with quote
    

https://www.npr.org/sections/alltechconsidered/2015/07/27/426613020/major-flaw-in-android-phones-would-let-hackers-in-with-just-a-text

dpack



Joined: 02 Jul 2005
Posts: 45374
Location: yes
PostPosted: Tue Jul 28, 15 11:00 pm    Post subject: Reply with quote
    

awesome hack,i wonder how many hits so far.it would be a bit handy for the ssr or mossad type crew as well as stalkers or fraudsters especially as it has a stealth approach.

RichardW



Joined: 24 Aug 2006
Posts: 8443
Location: Llyn Peninsular North Wales
PostPosted: Wed Jul 29, 15 7:53 am    Post subject: Reply with quote
    

Reading all of that report is there really a problem?

It was found in a lab using very old android phones & there has never been a single case in the wild of this happening for real.

vegplot



Joined: 19 Apr 2007
Posts: 21301
Location: Bethesda, Gwynedd
PostPosted: Wed Jul 29, 15 11:19 am    Post subject: Reply with quote
    

RichardW wrote:
Reading all of that report is there really a problem?

It was found in a lab using very old android phones & there has never been a single case in the wild of this happening for real.


Are you suggesting users shouldn't patch and just ignore it? Is that a safe stance to take? I doubt it will go away by ignoring it.

Details of the vulnerability are being released next week expect exploits to start then. It's a vulnerability that has never been patched until now and has potential to cause harm that in itself with worth highlighting.

vegplot



Joined: 19 Apr 2007
Posts: 21301
Location: Bethesda, Gwynedd
PostPosted: Wed Jul 29, 15 11:19 am    Post subject: Reply with quote
    

RichardW wrote:
Reading all of that report is there really a problem?

It was found in a lab using very old android phones & there has never been a single case in the wild of this happening for real.


Are you suggesting users shouldn't patch and just ignore it? Is that a safe stance to take? I doubt it will go away by ignoring it.

Details of the vulnerability are being released next week expect exploits to start then. It's a vulnerability that has never been patched until now and has potential to cause harm that in itself with worth highlighting.

dpack



Joined: 02 Jul 2005
Posts: 45374
Location: yes
PostPosted: Wed Jul 29, 15 12:59 pm    Post subject: Reply with quote
    

RichardW wrote:
Reading all of that report is there really a problem?

It was found in a lab using very old android phones & there has never been a single case in the wild of this happening for real.


maybe there are victims who had a gps tracer enabled and have not reported a problem cos they were on the kill list and received a brimstone rather than lost their bank details,just a thought but it is exactly the sort of targeting that has become popular in some circles.

Post new topic   Reply to topic    Downsizer Forum Index -> IT Matters All times are GMT
Page 1 of 1
View Latest Posts View Latest Posts

 

Archive
Powered by php-BB © 2001, 2005 php-BB Group
Style by marsjupiter.com, released under GNU (GNU/GPL) license.
Copyright © 2004 marsjupiter.com