Welcome to Our WirelessAdvisor Community!

You are viewing our forums as a GUEST. Please join us so you can post and view all the pictures.
Registration is easy, fast and FREE!

Major Flaw In Android Phones Would Let Hackers In

Discussion in 'Wireless News' started by viewfly, Jul 27, 2015.

?

How concerned are you that your Android device may be attacked due to this flaw?

  1. Extremely Concerned - an attack is likely imminent.

    0 vote(s)
    0.0%
  2. Somewhat Concerned - let's see how the flaw is addressed or mitigated.

    5 vote(s)
    55.6%
  3. Little to no concern.

    4 vote(s)
    44.4%
  1. viewfly

    viewfly Mobile RF Advisor
    Senior Member

    Joined:
    Jun 22, 2003
    Messages:
    6,004
    Likes Received:
    858
    My Phone:
    iPhone XS Space Grey
    Wireless Provider(s):
    AT&T; Tmobile SIM only
    via npr: Major Flaw In Android Phones Would Let Hackers In With Just A Text http://n.pr/1esu2Yh

    "Android is the most popular mobile operating system on earth. About 80 percent of smartphones run on Android. And it turns out, there's a gaping hole in the software: a hole that would let hackers break into someone's phone and take over, just by knowing the phone's number. That's according to mobile security experts at the firm Zimperium.

    Just A Text

    In this attack, the target would not need to goof up — open an attachment or download a file that's corrupt. The malicious code would take over instantly, the moment you receive a text message."

    Sent from my iPhone using Tapatalk
     
  2. JFB

    JFB Gold Senior Member
    Administrator Super Moderator

    Joined:
    Jan 1, 1998
    Messages:
    5,024
    Cell Tower Picture Gallery:
    7
    Likes Received:
    816
    Location:
    New Jersey, USA
    My Phone:
    Samsung S21 5G
    Wireless Provider(s):
    Mint Mobile
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    viewfly likes this.
  3. palandri

    palandri Former Palm Guy
    Senior Member

    Joined:
    Nov 17, 2009
    Messages:
    1,223
    Likes Received:
    903
    Location:
    Chicago
    My Phone:
    Pixel 7
    Wireless Provider(s):
    Project Fi
    I wonder if my Nexus 5 has been patched? since all my updates come directly from Google.
     
  4. viewfly

    viewfly Mobile RF Advisor
    Senior Member

    Joined:
    Jun 22, 2003
    Messages:
    6,004
    Likes Received:
    858
    My Phone:
    iPhone XS Space Grey
    Wireless Provider(s):
    AT&T; Tmobile SIM only
    palandri likes this.
  5. viewfly

    viewfly Mobile RF Advisor
    Senior Member

    Joined:
    Jun 22, 2003
    Messages:
    6,004
    Likes Received:
    858
    My Phone:
    iPhone XS Space Grey
    Wireless Provider(s):
    AT&T; Tmobile SIM only
    I assume this affects Android tablets too? Does android have a shared text app with Android phones?


    Sent from my iPad using Tapatalk
     
  6. palandri

    palandri Former Palm Guy
    Senior Member

    Joined:
    Nov 17, 2009
    Messages:
    1,223
    Likes Received:
    903
    Location:
    Chicago
    My Phone:
    Pixel 7
    Wireless Provider(s):
    Project Fi
    I have a Nexus 9 and text messages between my phone and tablet are not shared
     
  7. charlyee

    charlyee Ultimate Insanity
    Super Moderator Senior Member

    Joined:
    Dec 16, 2002
    Messages:
    9,906
    Cell Tower Picture Gallery:
    135
    Likes Received:
    1,586
    Location:
    SE Wisconsin
    My Phone:
    iPhone X
    Wireless Provider(s):
    at&t/Airtel/Turkcell
    I have an Asus MemoPad 7 with no texting capability, however I do use Hangouts on it and that's one of the culprits as well iirc


    Sent from my iPhone 6 using Tapatalk
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. palandri

    palandri Former Palm Guy
    Senior Member

    Joined:
    Nov 17, 2009
    Messages:
    1,223
    Likes Received:
    903
    Location:
    Chicago
    My Phone:
    Pixel 7
    Wireless Provider(s):
    Project Fi
    ...but you only get text messages on hangouts on your tablet from people on your Google+ list, since it has no phone number.
     
  9. dmapr

    dmapr Silver Senior Member
    Senior Member

    Joined:
    Dec 4, 2006
    Messages:
    4,468
    Likes Received:
    1,181
    Location:
    Bay Area, CA
    My Phone:
    Pixel XL
    Wireless Provider(s):
    Verizon Wireless; MTS
    I *think* that if you use Hangouts as your SMS app on the phone that it will sync the SMS db elsewhere. Plus, you can hook up a Google Voice number.
     
  10. viewfly

    viewfly Mobile RF Advisor
    Senior Member

    Joined:
    Jun 22, 2003
    Messages:
    6,004
    Likes Received:
    858
    My Phone:
    iPhone XS Space Grey
    Wireless Provider(s):
    AT&T; Tmobile SIM only
    This is a huge tech flaw and business model flaw ( re JFB MIT article).

    Wonder how government will/have use or abuse this.
    Or will inspire China to develop their own os

    Has Microsoft or Apple stock jumped recently?


    Sent from my iPhone using Tapatalk
     
  11. charlyee

    charlyee Ultimate Insanity
    Super Moderator Senior Member

    Joined:
    Dec 16, 2002
    Messages:
    9,906
    Cell Tower Picture Gallery:
    135
    Likes Received:
    1,586
    Location:
    SE Wisconsin
    My Phone:
    iPhone X
    Wireless Provider(s):
    at&t/Airtel/Turkcell
    Google stocks don't seem to reflect any major downturn. Both Google and Apple are down but nothing tremendous considering the overall market.

    Microsoft has jumped up but I am guessing that's due to Windows 10 launch.

    So how seriously are the investors and Google taking this?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. viewfly

    viewfly Mobile RF Advisor
    Senior Member

    Joined:
    Jun 22, 2003
    Messages:
    6,004
    Likes Received:
    858
    My Phone:
    iPhone XS Space Grey
    Wireless Provider(s):
    AT&T; Tmobile SIM only
    And consumers and WA Android members? How seriously are they taking it?

    Or are they assuming 'the' update will come to them without question?


    Sent from my iPhone using Tapatalk
     
    charlyee likes this.
  13. JFB

    JFB Gold Senior Member
    Administrator Super Moderator

    Joined:
    Jan 1, 1998
    Messages:
    5,024
    Cell Tower Picture Gallery:
    7
    Likes Received:
    816
    Location:
    New Jersey, USA
    My Phone:
    Samsung S21 5G
    Wireless Provider(s):
    Mint Mobile
    @viewfly We can add a poll to the thread about members level of concern. I can do it if you'd like.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. viewfly

    viewfly Mobile RF Advisor
    Senior Member

    Joined:
    Jun 22, 2003
    Messages:
    6,004
    Likes Received:
    858
    My Phone:
    iPhone XS Space Grey
    Wireless Provider(s):
    AT&T; Tmobile SIM only
    Yes, that would be interesting, certainly. Please do, with any phrasing you deem best. VF


    Sent from my iPad using Tapatalk
     
  15. JFB

    JFB Gold Senior Member
    Administrator Super Moderator

    Joined:
    Jan 1, 1998
    Messages:
    5,024
    Cell Tower Picture Gallery:
    7
    Likes Received:
    816
    Location:
    New Jersey, USA
    My Phone:
    Samsung S21 5G
    Wireless Provider(s):
    Mint Mobile
    I have added a poll to this thread. See below the thread title.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. charlyee

    charlyee Ultimate Insanity
    Super Moderator Senior Member

    Joined:
    Dec 16, 2002
    Messages:
    9,906
    Cell Tower Picture Gallery:
    135
    Likes Received:
    1,586
    Location:
    SE Wisconsin
    My Phone:
    iPhone X
    Wireless Provider(s):
    at&t/Airtel/Turkcell
    Great idea Joe.

    Do I get a prize for being the first one to vote? :D
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. KevinJames

    KevinJames WA's 1st retired mod
    Senior Member

    Joined:
    Oct 2, 2001
    Messages:
    4,044
    Likes Received:
    739
    Location:
    Central Valley NorCA
    My Phone:
    Samsung S7-Edge
    Wireless Provider(s):
    AT&T & Verizon
    It is serious enough that I turned off auto-download of videos from MMS for both my own and my wife's phones.
     
    our3rotts likes this.
  18. dmapr

    dmapr Silver Senior Member
    Senior Member

    Joined:
    Dec 4, 2006
    Messages:
    4,468
    Likes Received:
    1,181
    Location:
    Bay Area, CA
    My Phone:
    Pixel XL
    Wireless Provider(s):
    Verizon Wireless; MTS
    Yes, it is serious enough. And yes, the prevention is so simple (turn off auto-download of MMS) that it causes me no concern. I turned it off and voilĂ  -- I'm now protected against it :)
     
    RadioRaiders likes this.
  19. viewfly

    viewfly Mobile RF Advisor
    Senior Member

    Joined:
    Jun 22, 2003
    Messages:
    6,004
    Likes Received:
    858
    My Phone:
    iPhone XS Space Grey
    Wireless Provider(s):
    AT&T; Tmobile SIM only
    So perhaps I misunderstood. My original post stated clearly, that NOT downloading the MMS does NOT protect you.

    Just getting the text was all that was needed. From the OP linked article.

    In this attack, the target would not need to goof up — open an attachment or download a file that's corrupt. The malicious code would take over instantly, the moment you receive a text message.

    "This happens even before the sound that you've received a message has even occurred," says Joshua Drake, security researcher with Zimperium and co-author of Android Hacker's Handbook. "That's what makes it so dangerous. [It] could be absolutely silent. You may not even see anything."
     
  20. dmapr

    dmapr Silver Senior Member
    Senior Member

    Joined:
    Dec 4, 2006
    Messages:
    4,468
    Likes Received:
    1,181
    Location:
    Bay Area, CA
    My Phone:
    Pixel XL
    Wireless Provider(s):
    Verizon Wireless; MTS
    Not sure if the OP linked article is correct. Here's what the blog post by the actual researcher states.
    The official cert advisory states.
     
  21. palandri

    palandri Former Palm Guy
    Senior Member

    Joined:
    Nov 17, 2009
    Messages:
    1,223
    Likes Received:
    903
    Location:
    Chicago
    My Phone:
    Pixel 7
    Wireless Provider(s):
    Project Fi
    If the malicious MMS isn't auto downloaded, I don't see how it could exploit your phone.
     
  22. viewfly

    viewfly Mobile RF Advisor
    Senior Member

    Joined:
    Jun 22, 2003
    Messages:
    6,004
    Likes Received:
    858
    My Phone:
    iPhone XS Space Grey
    Wireless Provider(s):
    AT&T; Tmobile SIM only
    I'm not so sure. Disabling auto fetch may add some layer of protection according to some, but additionally other researchers are finding that a video inside a web page may download the malicious code as well.

    There are too many 'may' or ' could' out there. These guys need to be more clear. Or are just trying to sell something?

    Anyhow, good post @dmapr. I'll sent you a link video link to download.


    Sent from my iPad using Tapatalk
     
    KevinJames and dmapr like this.
  23. KevinJames

    KevinJames WA's 1st retired mod
    Senior Member

    Joined:
    Oct 2, 2001
    Messages:
    4,044
    Likes Received:
    739
    Location:
    Central Valley NorCA
    My Phone:
    Samsung S7-Edge
    Wireless Provider(s):
    AT&T & Verizon
    @viewfly: I appreciate your point of view, viewfly. I really do. However, I asked myself if taking a precaution was better than no action at all. I felt that, for whatever it was worth, I'd be better off taking this action than taking the position that no matter what I do, nothing will really help. Yes, it is an evil world out there. Yes, with all my caution I may actually die from swallowing a pea or drowning on a glass of water. But I at least want to try my personal best.
     
  24. palandri

    palandri Former Palm Guy
    Senior Member

    Joined:
    Nov 17, 2009
    Messages:
    1,223
    Likes Received:
    903
    Location:
    Chicago
    My Phone:
    Pixel 7
    Wireless Provider(s):
    Project Fi
    I think even after the patch, I will keep Auto Retrieve Of MMS off. There are hackers out there that are bound to find another hole to exploit.
     
  25. viewfly

    viewfly Mobile RF Advisor
    Senior Member

    Joined:
    Jun 22, 2003
    Messages:
    6,004
    Likes Received:
    858
    My Phone:
    iPhone XS Space Grey
    Wireless Provider(s):
    AT&T; Tmobile SIM only
    @KevinJames my point of view is 1) I'd turn off auto download of MMS, 2) I'd still investigate if doing that completely resolved the situation and absolves me of all worry, and 3) be annoyed if my phone doesn't get an Android patch right away.


    Sent from my iPhone using Tapatalk
     
    KevinJames likes this.
  26. KevinJames

    KevinJames WA's 1st retired mod
    Senior Member

    Joined:
    Oct 2, 2001
    Messages:
    4,044
    Likes Received:
    739
    Location:
    Central Valley NorCA
    My Phone:
    Samsung S7-Edge
    Wireless Provider(s):
    AT&T & Verizon
    @viewfly: Agreed.
    Lately I've been reading articles written by heaven-knows-who on various news blogs wherein the writer claims Apple is so much better than Android because they don't have those issues. Apparently the user conveniently forgot about the major hack of iphones back in 2013. Reminds me of how Apple used to claim the same about their computers in contrast to IBM-PC based Windows computers. In the end, it was discovered Apple is just as hackable. Bringing down PC's is just more rewarding to hackers because of the greater number. The sad fact remains that as long as unscrupulous people are in this world, and as the internet continues to expand to "the internet of things," problems will continue to expand. The only real solution is to go "off grid" and become a hermit. LOL
     
    budney likes this.
  27. viewfly

    viewfly Mobile RF Advisor
    Senior Member

    Joined:
    Jun 22, 2003
    Messages:
    6,004
    Likes Received:
    858
    My Phone:
    iPhone XS Space Grey
    Wireless Provider(s):
    AT&T; Tmobile SIM only
    @KevinJames. Down the rabbits hole of iOS vs Android again? Please, no!

    Writers in this episode are commenting on the flawed patch or update model that exists with Google's model: carriers or phone makers like Samsung control updates and also modify stock Android. So patches are slow to arrive, sometimes non existent or never adopted. (Unless you have a Nexus). That's a common complaint even sans malware concerns

    Overbearing Apple has a direct connection to its user base. Patches can be pushed directly and new iOS have quick and high adoption rates.

    From what I read, Microsoft is in a similar league.

    Reread the OP linked news article. The above was really the main concern.

    PS: that 2013 'major iOS hack' required the attachment of a tampered charger cube that had a hidden microcomputer inside it to ones phone. Seriously?


    Sent from my iPhone using Tapatalk
     
  28. rjniles

    rjniles Member
    Senior Member

    Joined:
    Mar 18, 2003
    Messages:
    226
    Likes Received:
    83
    Location:
    Georgetown,South Carolina
    My Phone:
    MOTO E4 Plus
    Wireless Provider(s):
    AT&T
    I would bet that 90% of Android users have never heard of this problem. Or even care. They use the password "password".
     
    charlyee likes this.
  29. viewfly

    viewfly Mobile RF Advisor
    Senior Member

    Joined:
    Jun 22, 2003
    Messages:
    6,004
    Likes Received:
    858
    My Phone:
    iPhone XS Space Grey
    Wireless Provider(s):
    AT&T; Tmobile SIM only
    The best password is always 'secret'.


    Sent from my iPad using Tapatalk
     
  30. charlyee

    charlyee Ultimate Insanity
    Super Moderator Senior Member

    Joined:
    Dec 16, 2002
    Messages:
    9,906
    Cell Tower Picture Gallery:
    135
    Likes Received:
    1,586
    Location:
    SE Wisconsin
    My Phone:
    iPhone X
    Wireless Provider(s):
    at&t/Airtel/Turkcell
    I think "password" is a fine password, of course "password111" is better yet. :D

    Seriously, has anyone come across an Android user in real life that is a victim of this or some posting on a forum about a personal experience?

    Just curious and to take it one step further, what have they done after the virus attack?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

Copyright 1997-2023 Wireless Advisor™, LLC. All rights reserved. All registered and unregistered trademarks are the property of their respective holders.
WirelessAdvisor.com is not associated by ownership or membership with any cellular, PCS or wireless service provider companies and is not meant to be an endorsement of any company or service. Some links on these pages may be paid advertising or paid affiliate programs.

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice