Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsAndroidSecurity hole in Android puts 1 billion people at risk


Webhead
2177 posts

Uber Geek
+1 received by user: 723

Moderator
Trusted
Lifetime subscriber

Topic # 161699 16-Jan-2015 14:40
Send private message

This is scary. http://www.engadget.com/2015/01/14/google-security-bug-billion-android-phones/

Apparently its a problem for all versions of Android 4.3 and lower. Which would include Samsung Galaxy S3.

Seems like the problem of fragmentation has really come back to bite Android in the behind?




Jarle on Twitter - Senson NZ - WordPress experts

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
4123 posts

Uber Geek
+1 received by user: 842
Inactive user


  Reply # 1216151 16-Jan-2015 14:54
Send private message

Wow didnt realise that Android is up to around 1.6 Billion users.

3542 posts

Uber Geek
+1 received by user: 2008

Trusted
Lifetime subscriber

  Reply # 1216152 16-Jan-2015 15:03
Send private message

Nice to know Microsoft isn't the only company who shafts its phone OS users :-)

Hrrmm I wonder if you could lodge a CGA complaint and get your phones replaced now that the device is no longer fit for purpose. If a car manufacturer found a defect in a billion cars and was all "Nah mate, not fixing it, just buy a new one" they would be crucified by the government.




Information wants to be free. The Net interprets censorship as damage and routes around it.

 
 
 
 


2091 posts

Uber Geek
+1 received by user: 849


  Reply # 1216157 16-Jan-2015 15:17
Send private message

Lias: Nice to know Microsoft isn't the only company who shafts its phone OS users :-)

Hrrmm I wonder if you could lodge a CGA complaint and get your phones replaced now that the device is no longer fit for purpose. If a car manufacturer found a defect in a billion cars and was all "Nah mate, not fixing it, just buy a new one" they would be crucified by the government.


Good luck with that - the bug doesn't prevent it from being able to call/text and use apps/data.

Would be more like your car's door lock has an identified fault that makes it easy to open without the key.

4123 posts

Uber Geek
+1 received by user: 842
Inactive user


  Reply # 1216168 16-Jan-2015 15:30
Send private message

Lias: Nice to know Microsoft isn't the only company who shafts its phone OS users :-)

Hrrmm I wonder if you could lodge a CGA complaint and get your phones replaced now that the device is no longer fit for purpose. If a car manufacturer found a defect in a billion cars and was all "Nah mate, not fixing it, just buy a new one" they would be crucified by the government.


Or a crim breaking in by exploiting the window vulnerability :)

14360 posts

Uber Geek
+1 received by user: 2608

Trusted
Subscriber

  Reply # 1216180 16-Jan-2015 16:06
Send private message

Vendors are often the problem - Google can update the OS but customisation can limit who gets what. My S4 isn't that old and still doesn't have Android 5.




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer

13697 posts

Uber Geek
+1 received by user: 6433

Trusted
Subscriber

  Reply # 1216185 16-Jan-2015 16:16
Send private message

timmmay: Vendors are often the problem - Google can update the OS but customisation can limit who gets what. My S4 isn't that old and still doesn't have Android 5.


only about 1% of devices have Android 5 so far. 




Mike
Retired IT Manager. 
The views stated in my posts are my personal views and not that of any other organisation.

 

 Mac user, Windows curser, Chrome OS desired.

 

A Tiger in Africa, probably escaped from the Zoo.

 

 

597 posts

Ultimate Geek
+1 received by user: 132


  Reply # 1216188 16-Jan-2015 16:27
One person supports this post
Send private message

Google said it is up to the manufacturers to release a patch for their devices since they no longer do updates for 4.3 and lower.

As for the OP, a simple solution is to root the phone and use a community released update. I've been doing that for the old S3 that I gave to my mum. Currently runs Android 4.4 Samsung firmware backported to the S3.




Regards
Stefan Andres Charsley

6401 posts

Uber Geek
+1 received by user: 1133

Trusted
Lifetime subscriber

  Reply # 1216190 16-Jan-2015 16:30
Send private message

charsleysa: Google said it is up to the manufacturers to release a patch for their devices since they no longer do updates for 4.3 and lower.

What about when Google is the manufacturer (Nexus)? My mum's Nexus is still on 2.3, which is presumably affected since it's below 4.4.



Webhead
2177 posts

Uber Geek
+1 received by user: 723

Moderator
Trusted
Lifetime subscriber

  Reply # 1216191 16-Jan-2015 16:32
Send private message

charsleysa: Google said it is up to the manufacturers to release a patch for their devices since they no longer do updates for 4.3 and lower.

As for the OP, a simple solution is to root the phone and use a community released update. I've been doing that for the old S3 that I gave to my mum. Currently runs Android 4.4 Samsung firmware backported to the S3.


My problem is that the Samsung S3 is with my very non-tech-savy dad in Norway, while I am here in NZ. So getting it rooted won't be happening until I am back visiting next (norwegian) summer.

Maybe Samsung has fixed it by june, but it wouldn't surprise me much if they didn't.




Jarle on Twitter - Senson NZ - WordPress experts

597 posts

Ultimate Geek
+1 received by user: 132


  Reply # 1216195 16-Jan-2015 16:38
Send private message

Behodar:
charsleysa: Google said it is up to the manufacturers to release a patch for their devices since they no longer do updates for 4.3 and lower.

What about when Google is the manufacturer (Nexus)? My mum's Nexus is still on 2.3, which is presumably affected since it's below 4.4.


Google doesn't manufacture any of their devices.




Regards
Stefan Andres Charsley

597 posts

Ultimate Geek
+1 received by user: 132


  Reply # 1216197 16-Jan-2015 16:43
Send private message

jarledb:
charsleysa: Google said it is up to the manufacturers to release a patch for their devices since they no longer do updates for 4.3 and lower.

As for the OP, a simple solution is to root the phone and use a community released update. I've been doing that for the old S3 that I gave to my mum. Currently runs Android 4.4 Samsung firmware backported to the S3.


My problem is that the Samsung S3 is with my very non-tech-savy dad in Norway, while I am here in NZ. So getting it rooted won't be happening until I am back visiting next (norwegian) summer.

Maybe Samsung has fixed it by june, but it wouldn't surprise me much if they didn't.


That's true, I guess until you manage to get your hands on the device you can advise him on what apps to use and what apps to stay away from.

The vulnerability is limited to WebView controls used in apps.

Also rooting the a Galaxy S3 is quite simple now and it is actually possible to guide him through the process by Skype or phone.




Regards
Stefan Andres Charsley

13697 posts

Uber Geek
+1 received by user: 6433

Trusted
Subscriber

  Reply # 1216202 16-Jan-2015 17:00
Send private message

Its this sort of thing that makes me come and go from Android. 




Mike
Retired IT Manager. 
The views stated in my posts are my personal views and not that of any other organisation.

 

 Mac user, Windows curser, Chrome OS desired.

 

A Tiger in Africa, probably escaped from the Zoo.

 

 

2864 posts

Uber Geek
+1 received by user: 684

Trusted
Lifetime subscriber

  Reply # 1216242 16-Jan-2015 17:46
Send private message

Security bugs are always around for all OS's so its nothing new. So what is the extent of the damage done thus far or is it just that it "can" be exploited.

Seems to be conflicting information as to what versions are affected as well

"The flaws in this case affect Android 4.1 to 4.3, aka Jelly Bean, which began shipping in mid-2012 and was the primary version of Android through late 2013, or roughly 14 months ago. Up until quite recently, Google has aggressively patched problems in Android’s WebView rendering engine. Before KitKat (Android 4.4), all versions of Android used the version of WebView found within the Android Browser for rendering HTML webpages. With KitKat and Lollipop, Google updated the operating system to use a WebView plugin derived from its Chromium project."

Source


always love the scaremongering that goes on when this happens wink




Galaxy S8

 

Garmin  Vivoactive 3

5029 posts

Uber Geek
+1 received by user: 1370

Trusted
Microsoft

  Reply # 1216340 16-Jan-2015 21:23
Send private message

kiwitrc: Wow didnt realise that Android is up to around 1.6 Billion users.


1.15 billion Android devices shipped in 2014 alone.

5029 posts

Uber Geek
+1 received by user: 1370

Trusted
Microsoft

  Reply # 1216341 16-Jan-2015 21:24
Send private message

Lias: Nice to know Microsoft isn't the only company who shafts its phone OS users :-)

Hrrmm I wonder if you could lodge a CGA complaint and get your phones replaced now that the device is no longer fit for purpose. If a car manufacturer found a defect in a billion cars and was all "Nah mate, not fixing it, just buy a new one" they would be crucified by the government.


Microsoft or carriers shafting?

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Geekzone Live »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.