Google Acknowledges Vulnerability in Millions of Android Devices; Promises Fix

Discussion in 'Off-Topic' started by Sefie, Mar 24, 2016.

  1. Sefie

    Sefie

    Joined:
    Jan 15, 2014
    Messages:
    947
    Likes Received:
    183
    Millions of Android smartphones and tablets are vulnerable to security attacks, Google has warned. The vulnerability, if exploited, gives an app unfettered root access, circumventing various Android security layers. The Mountain View-based company has made available a patch to OEMs, and says it is currently working on a fix for the Nexus lineup.

    Security researchers spotted an app in the Google Play, Android's marquee app store, which tries to leverage the vulnerability. Android inherited the flaw from Linux years ago. Interestingly, Linux developers fixed the bug in 2014, and it was later on flagged as a vulnerability - identified as CVE-2015-1805 - early last year.

    http://gadgets.ndtv.com/mobiles/new...llions-of-android-devices-promises-fix-817170
     
    Sefie, Mar 24, 2016
    #1
  2. Sefie

    c3300

    Joined:
    Mar 18, 2016
    Messages:
    33
    Likes Received:
    10
    That vulnerability is worrying, given that Google have stated their intention to roll out Android Pay in the UK later this year,

    http://www.cnet.com/uk/news/googles-android-pay-coming-to-the-uk-in-the-next-few-months/

    If a phone can be used to pay in the same way as a contactless card, and this vulnerability allows an app to circumvent security and access data, then details cloning becomes both likely and, worse, possibly unecessary. With the escalated priviledges possible through the hack, there would be a risk of hostile or backdoor code in an app making transactions without user approval or knowledge.
     
    c3300, Mar 24, 2016
    #2
  3. Sefie

    IBMPC8088

    Joined:
    Feb 1, 2016
    Messages:
    371
    Likes Received:
    145
    'Snake acknowledges venom in fangs. Promises not to bite prey.'

    I think that's what I just read from the news article on it. This is why I tell my bank to tell me another funny joke when they insist that I should start using their mobile app to make things 'easier'. I told them I don't want it 'easier', it doesn't get any 'easier' than logging in from a browser on a secure machine. I want it more secure from outside attacks and threats to the system before I even consider anything like that, and I get a stare back like deer in headlights.

    The problems with the OS itself for Android and iPhone is why I cannot, and will not, use any mobile devices for banking or anything of a personal or sensitive nature whatsoever.
     
    IBMPC8088, Mar 25, 2016
    #3
Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.