Archive for Downsizer For an ethical approach to consumption
 


       Downsizer Forum Index -> IT Matters
vegplot

Android bug

If you own an Android device and haven't recently patched it...

http://www.bbc.co.uk/news/technology-33689399
Hairyloon

Quote:
The flaw can be exploited by sending a photo or video message to a person's smartphone, without any action by the receiver...
Hackers were able to send malicious code within a multimedia message that could access a service within Android called Stagefright.

After Stagefright had been invoked, which required no action from the victim, other data and apps on the handset could be accessed by the malicious code.


OK, so how's that work?
Why is anything running code that is hidden in a picture?

More importantly, how do we know if we have got the patch or not?
dpack

hiding code in images is a classic tactic,i had a lot of bother from an "angry monkey" that contained a very nasty hidden payload and by passed a multi layer "stop nasty things"set up.

it is also a good tactic if one wishes to hide data to encrypt it and put it inside a large image file or better still a movie .
vegplot

http://www.npr.org/sections/alltechconsidered/2015/07/27/426613020/major-flaw-in-android-phones-would-let-hackers-in-with-just-a-text
dpack

awesome hack,i wonder how many hits so far.it would be a bit handy for the ssr or mossad type crew as well as stalkers or fraudsters especially as it has a stealth approach.
RichardW

Reading all of that report is there really a problem?

It was found in a lab using very old android phones & there has never been a single case in the wild of this happening for real.
vegplot

Reading all of that report is there really a problem?

It was found in a lab using very old android phones & there has never been a single case in the wild of this happening for real.


Are you suggesting users shouldn't patch and just ignore it? Is that a safe stance to take? I doubt it will go away by ignoring it.

Details of the vulnerability are being released next week expect exploits to start then. It's a vulnerability that has never been patched until now and has potential to cause harm that in itself with worth highlighting.
vegplot

Reading all of that report is there really a problem?

It was found in a lab using very old android phones & there has never been a single case in the wild of this happening for real.


Are you suggesting users shouldn't patch and just ignore it? Is that a safe stance to take? I doubt it will go away by ignoring it.

Details of the vulnerability are being released next week expect exploits to start then. It's a vulnerability that has never been patched until now and has potential to cause harm that in itself with worth highlighting.
dpack

Reading all of that report is there really a problem?

It was found in a lab using very old android phones & there has never been a single case in the wild of this happening for real.

maybe there are victims who had a gps tracer enabled and have not reported a problem cos they were on the kill list and received a brimstone rather than lost their bank details,just a thought but it is exactly the sort of targeting that has become popular in some circles.
       Downsizer Forum Index -> IT Matters
Page 1 of 1
Home Home Home Home Home