Posted on 07/27/2015 11:42:33 AM PDT by bkopto
Vulnerabilities discovered in the Stagefright media playback engine that is native to Android devices could be the mobile worlds equivalent to Heartbleed. Almost all Android devices contain the security and implementation issues in question; unpatched devices are at risk to straightforward attacks against specific users that put their privacy, data and safety at risk.
Google has patched internal code branches, but devices require over-the-air updates and given the shaky history of handset manufacturers and carriers pushing out security fixes, its unknown how long it will take to update vulnerable devices, or whether some will ever get fixed.
SNIP
Drake estimates that 950 million Android devices could be exposed by the half-dozen bugs and implementation issues hes expected to detail in a presentation next week during the Black Hat conference in Las Vegas.
(Excerpt) Read more at threatpost.com ...
I have an old Galaxy Tab 2 for Chromecast videos and for FR when I’m not on a PC.
I’m not too worried. I do nothing fancy or personal on it as it can barely do much right now being so old.
No, I didn't say that. google's slogan was "Don't Be Evil"
Note the birkenstocks...
Given the Android devices I have are all less than 2 years old, I'd be guessing that an update is coming soon. My Samsung Galaxy 4 cell and Galaxy Note 4 both received several security patches recently. Have to power up the Asus tablets and see if they have anything waiting.
Yeah, I hope my life gets less boring too.... and "interesting times" indeed.
Thanks. I just checked and no updates available.
So you did. I swear, I'd NEVER seen or heard that before.
Blackberry is in talks to license its security software to Samsung.
They weren't. They were asserting that they weren't evil, the same way the clinton administration asserted that they were the most ethical administration ever, or the obama administration is the most transparent evah...
Your choice, but as I mentioned above in #20, it's surprising how a little seemingly innocent information can be used and exploited by sufficiently motivated hackers.
I would hate to see a fellow FReeper harmed, so I encourage you to take precautions, assuming your device's manufacturer comes out with a patch. If they don't because it's too old, I will hope for the best for you and it.
Not to worry, no offense taken. One can’t know everything!
> They weren't...
Actually, according to the Wikipedia article I linked above, they were indeed taking a shot at their competitors who were (relatively speaking, back then) doing more nefarious things.
However, Google lost their right to throw stones pretty quickly, and now they are, by their own definition, doing evil.
What? Pride goeth before a fall?? You don't say....
Thanks for that. Wasn't trying to offend and glad you didn't take it that I was. I can see how that could've been misinterpreted due to my bad choice of words and how I framed them.
Ah. Thanks!
Oh I’m ready to retire it in a few weeks for a cheap Windows tablet, but I’ll try to limit my use until I can see if there is some patch (not expecting much).
Already texted two article to my son. He just got a new Galaxy a week ago. I know that because I drove 300 miles round trip to deliver it to him.
If you want on or off the Mac Ping List, Freepmail me.
Thanks for the ping Swordmaker.
This vulnerability reveals one of the biggest of all issues with the Android operating system - that most devices use customized versions that the user cannot update themselves. The manufacturer/distributor of the specific hardware has to push out updates - and they, as the article mentions, already tend to drag their feet on said updates - even the biggest names in such devices... Add to it- there are millions of “off-brand” android devices in consumer hands that will likely NEVER see an update to fix this (or any other issues).
It would be like if every single manufacturer had to push out Windows updates to consumer computers - and with a special, customized version for each model by each manufacturer - Dell would have to engineer dozens of versions of the OS just to cover THEIR hardware... then think of the many different makers...
Sometimes, the “wide-open”/open-source concept can bit you in the butt....
Understand that “android” is a very generic concept - that runs on such a humongous variety of hardware bits... not just phones and tablets, but several “netbook” computers, and a plethora of devices - watches, some cameras, and so much more - open source=cheap (at least until something makes you have to engineer firmware updates for a dozen different devices at once...)
Of course - this article also inflates the number because it is assuming that every android-based device ever sold or made is still operational and in use among consumers today. I can vouch for a few that are no longer functional myself... and all those millions of dead, drowned, destroyed smart phones - but they are counted in the number...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.