Security hole in Android puts 1 billion people at risk

Forums › Android › Security hole in Android puts 1 billion people at risk

jarledb

Webhead
3319 posts

Uber Geek
+1 received by user: 1983

Moderator

ID Verified

Trusted

Lifetime subscriber

#161699 16-Jan-2015 14:40

This is scary. http://www.engadget.com/2015/01/14/google-security-bug-billion-android-phones/

Apparently its a problem for all versions of Android 4.3 and lower. Which would include Samsung Galaxy S3.

Seems like the problem of fragmentation has really come back to bite Android in the behind?

Jarle Dahl Bergersen | Referral Links: Want $50 off when you join Octopus Energy? Use this referral code
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation or subscribing.

1 | 2

4123 posts

Uber Geek
+1 received by user: 833
Inactive user

#1216151 16-Jan-2015 14:54

Wow didnt realise that Android is up to around 1.6 Billion users.

Lias

5655 posts

Uber Geek
+1 received by user: 3978

ID Verified

Trusted

Lifetime subscriber

#1216152 16-Jan-2015 15:03

Nice to know Microsoft isn't the only company who shafts its phone OS users :-)

Hrrmm I wonder if you could lodge a CGA complaint and get your phones replaced now that the device is no longer fit for purpose. If a car manufacturer found a defect in a billion cars and was all "Nah mate, not fixing it, just buy a new one" they would be crucified by the government.

I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup. Opinions are my own and not the views of my employer.

wasabi2k

2102 posts

Uber Geek
+1 received by user: 860

#1216157 16-Jan-2015 15:17

Lias: Nice to know Microsoft isn't the only company who shafts its phone OS users :-)

Hrrmm I wonder if you could lodge a CGA complaint and get your phones replaced now that the device is no longer fit for purpose. If a car manufacturer found a defect in a billion cars and was all "Nah mate, not fixing it, just buy a new one" they would be crucified by the government.

Good luck with that - the bug doesn't prevent it from being able to call/text and use apps/data.

Would be more like your car's door lock has an identified fault that makes it easy to open without the key.

kiwitrc

4123 posts

Uber Geek
+1 received by user: 833
Inactive user

#1216168 16-Jan-2015 15:30

Lias: Nice to know Microsoft isn't the only company who shafts its phone OS users :-)

Hrrmm I wonder if you could lodge a CGA complaint and get your phones replaced now that the device is no longer fit for purpose. If a car manufacturer found a defect in a billion cars and was all "Nah mate, not fixing it, just buy a new one" they would be crucified by the government.

Or a crim breaking in by exploiting the window vulnerability :)

timmmay

20859 posts

Uber Geek
+1 received by user: 5350

Trusted

Lifetime subscriber

#1216180 16-Jan-2015 16:06

Vendors are often the problem - Google can update the OS but customisation can limit who gets what. My S4 isn't that old and still doesn't have Android 5.

MikeB4

MikeB4
18775 posts

Uber Geek
+1 received by user: 12766

ID Verified

Trusted

Subscriber

#1216185 16-Jan-2015 16:16

timmmay: Vendors are often the problem - Google can update the OS but customisation can limit who gets what. My S4 isn't that old and still doesn't have Android 5.

only about 1% of devices have Android 5 so far.

Here is a crazy notion, lets give peace a chance.

Lego

Shop now for Lego sets and other gifts (affiliate link).

charsleysa

597 posts

Ultimate Geek
+1 received by user: 125

#1216188 16-Jan-2015 16:27

Google said it is up to the manufacturers to release a patch for their devices since they no longer do updates for 4.3 and lower.

As for the OP, a simple solution is to root the phone and use a community released update. I've been doing that for the old S3 that I gave to my mum. Currently runs Android 4.4 Samsung firmware backported to the S3.

Regards
Stefan Andres Charsley

Behodar

11101 posts

Uber Geek
+1 received by user: 6089

Trusted

Lifetime subscriber

#1216190 16-Jan-2015 16:30

charsleysa: Google said it is up to the manufacturers to release a patch for their devices since they no longer do updates for 4.3 and lower.

What about when Google is the manufacturer (Nexus)? My mum's Nexus is still on 2.3, which is presumably affected since it's below 4.4.

jarledb

Webhead
3319 posts

Uber Geek
+1 received by user: 1983

Moderator

ID Verified

Trusted

Lifetime subscriber

#1216191 16-Jan-2015 16:32

charsleysa: Google said it is up to the manufacturers to release a patch for their devices since they no longer do updates for 4.3 and lower.

As for the OP, a simple solution is to root the phone and use a community released update. I've been doing that for the old S3 that I gave to my mum. Currently runs Android 4.4 Samsung firmware backported to the S3.

My problem is that the Samsung S3 is with my very non-tech-savy dad in Norway, while I am here in NZ. So getting it rooted won't be happening until I am back visiting next (norwegian) summer.

Maybe Samsung has fixed it by june, but it wouldn't surprise me much if they didn't.

charsleysa

597 posts

Ultimate Geek
+1 received by user: 125

#1216195 16-Jan-2015 16:38

Behodar:
charsleysa: Google said it is up to the manufacturers to release a patch for their devices since they no longer do updates for 4.3 and lower.

What about when Google is the manufacturer (Nexus)? My mum's Nexus is still on 2.3, which is presumably affected since it's below 4.4.

Google doesn't manufacture any of their devices.

Regards
Stefan Andres Charsley

charsleysa

597 posts

Ultimate Geek
+1 received by user: 125

#1216197 16-Jan-2015 16:43

jarledb:
charsleysa: Google said it is up to the manufacturers to release a patch for their devices since they no longer do updates for 4.3 and lower.

As for the OP, a simple solution is to root the phone and use a community released update. I've been doing that for the old S3 that I gave to my mum. Currently runs Android 4.4 Samsung firmware backported to the S3.

My problem is that the Samsung S3 is with my very non-tech-savy dad in Norway, while I am here in NZ. So getting it rooted won't be happening until I am back visiting next (norwegian) summer.

Maybe Samsung has fixed it by june, but it wouldn't surprise me much if they didn't.

That's true, I guess until you manage to get your hands on the device you can advise him on what apps to use and what apps to stay away from.

The vulnerability is limited to WebView controls used in apps.

Also rooting the a Galaxy S3 is quite simple now and it is actually possible to guide him through the process by Skype or phone.

Regards
Stefan Andres Charsley

AliExpress

Shop now on AliExpress (affiliate link).

MikeB4

MikeB4
18775 posts

Uber Geek
+1 received by user: 12766

ID Verified

Trusted

Subscriber

#1216202 16-Jan-2015 17:00

Its this sort of thing that makes me come and go from Android.

Here is a crazy notion, lets give peace a chance.

jeffnz

2870 posts

Uber Geek
+1 received by user: 666

Trusted

Lifetime subscriber

#1216242 16-Jan-2015 17:46

Security bugs are always around for all OS's so its nothing new. So what is the extent of the damage done thus far or is it just that it "can" be exploited.

Seems to be conflicting information as to what versions are affected as well

"The flaws in this case affect Android 4.1 to 4.3, aka Jelly Bean, which began shipping in mid-2012 and was the primary version of Android through late 2013, or roughly 14 months ago. Up until quite recently, Google has aggressively patched problems in Android’s WebView rendering engine. Before KitKat (Android 4.4), all versions of Android used the version of WebView found within the Android Browser for rendering HTML webpages. With KitKat and Lollipop, Google updated the operating system to use a WebView plugin derived from its Chromium project."

Source

always love the scaremongering that goes on when this happens

Galaxy S10

Garmin Fenix 5

nathan

5695 posts

Uber Geek
+1 received by user: 1630
Inactive user

#1216340 16-Jan-2015 21:23

kiwitrc: Wow didnt realise that Android is up to around 1.6 Billion users.

1.15 billion Android devices shipped in 2014 alone.

nathan

5695 posts

Uber Geek
+1 received by user: 1630
Inactive user

#1216341 16-Jan-2015 21:24

Lias: Nice to know Microsoft isn't the only company who shafts its phone OS users :-)

Hrrmm I wonder if you could lodge a CGA complaint and get your phones replaced now that the device is no longer fit for purpose. If a car manufacturer found a defect in a billion cars and was all "Nah mate, not fixing it, just buy a new one" they would be crucified by the government.

Microsoft or carriers shafting?

1 | 2