Android Stagefright Bug Required 115 Patches, Millions Still At Risk (eweek.com)
eWeek reports that "hundreds of millions of users remain at risk" one year after Joshua Drake discovered the Stagefright Android flaw. Slashdot reader darthcamaro writes: A year ago, on July 27, 2015, news about the Android Stagefright flaw was first revealed, with the initial reports claiming widespread impact with a billion users at risk. As it turns out, the impact of Stagefright has been more pervasive...over the last 12 months, Google has patched no less than 115 flaws in Stagefright and related Android media libraries. Joshua Drake, the researcher who first discovered the Stagefright flaw, never expected it to go this far. "I expected shoring up the larger problem to take an extended and large effort, but I didn't expect it to be ongoing a year later."
Drake believes targeted attacks use Stagefright vulnerabilities on unpatched systems, but adds that Android's bug bounty program appears to be working, paying out $550,000 in its first year.
And yet... (Score:3, Informative)
...My Galaxy S4 has received NONE of these updates.
Thanks, Sprint!
Re: (Score:2, Interesting)
As much as I really hate Sprint and think they're easily the worst carrier by a cubic lightyear, that's more likely to be a Samsung problem. Samsung is downright shameful when it comes to updates, and furthermore they're the single biggest reason why iPhone lovers and other pundits think Android is buggy and laggy. I owned a Galaxy Note 4, and after that I'll never buy another Samsung phone again.
Re: (Score:1)
As for iPhones, people talk about how Apple has never had a security hole in the wild that has affected anything but jailbroken devices.
Apple has had plenty of security breaches in iOS, including one really big one that they still aren't even sure if they've cleaned up yet.
https://nakedsecurity.sophos.c... [sophos.com]
Re: (Score:2)
My unsupported Tab 10.1 is what put me in the same camp as you in regard to Samsung. The one and only update Samsung provided for it resulted in a bug that would cause any app to crash if you tried to copy anything you highlighted. Fixing that required rooting it so I could delete a corrupt database file - which I knew how to do because so many other people had the same problem. I might as well have just burned the money for all the use I got out of it (that wasn't the only flaw in the thing, just the worst
Re: (Score:2)
Even worse is when OEMs lock their phones so you can't install custom firmware from third parties that actually incorporates security fixes like this.
Re: (Score:3, Informative)
So only a handful of the patches are needed to avoid the exploits. The rest are general cleanup.
Re: And yet... (Score:2)
Buy a Nexus!
Pure Google and monthly updates and no lag whiz or carrier crap. I love my 6p
So far...... (Score:2)
Android Stagefright Bug Required 115 Patches....
.....so far. Where there are 115 patches, there is one more un-patched bug.
No surprise here (Score:1)
Re: (Score:1)
Lazy phone makers don't bother upgrading the OS on non-flagship models
But the flagship you buy today will not stay the flagship for long.
Strangely, cheaper = more secure in this case (Score:3, Informative)
It is very strange that while the Samsung phones that my wife and I used to have were not updated much (especially the non-flagship devices), from the moment I tried the cheap Chinese Xiaomi I've been enjoying continuous updates to all devices, from flagship to budget (and this, along with other reasons, is why I am sticking with Xiaomi for the time being). E.g. your phone will be running Android 6.0.1 whether you have the latest flagship (Mi 5), or the previous flagship (Mi 4) or the flagship before that (Mi 3 from 2013) or their cheapest device from 2 years ago (Redmi 1S) etc. And all these cost 1/2 to 1/3 the price of the equivalent Samsung/LG etc.
So, in this case buying "cheap Chinese" means you are the most protected from such issues. Yes, I know Xiaomi does not sell to most countries, I had to order it from a Chinese e-tailer who had an EU warehouse. And if you order from a Chinese e-tailer, whatever brand the phone, it is almost guaranteed to be full of adware and spyware so your first move would be a clean install. Which is surprisingly easy on a Xiaomi, in fact you don't even have to use a PC - you can just go to the Xiaomi website to download the latest version, rename the file per the instructions, reboot in recovery mode and clean-install it! They even have dual boot - keeping a clean OS in case you screw up your regular installation.
Sorry for the "ad", but I can't believe I have paid up to $600 in the past (or more if we include phones my company has provided me like the iPhone 6 Plus), when a $200-$250 phone has proved better IMHO in both hardware and software...
Re: (Score:3, Interesting)
Based upon this post alone I am scared of those phones: http://forum.xda-developers.co... [xda-developers.com]
But I really don't have enough knowledge to know.
Re: (Score:2)
Well, that post is before Xiaomi turned the default of the "data sharing to improve experience" to off (you could set it to off yourself before) and also use of free services like the Mi cloud does share your details with Xiaomi as you should expect. But, for example, Microsoft sends more data, even if you say "no" to everything according to reports. And Xiaomi releases the kernel source of their OS, which is something Microsoft and Apple don't do. So I sort of take it for granted that whatever phone I have s
Silence (Score:1)
install and change it to be the default SMS/MMS app, open settings and disable auto-retrieving media messages
https://f-droid.org/repository... [f-droid.org]