Stagefright: end of days or no big deal?

Discussion in 'Android OS' started by Mitlov, Aug 7, 2015.

  1. Mitlov

    Mitlov Shiny

    Messages:
    2,524
    Likes Received:
    2,190
    Trophy Points:
    288
    Ron Amadeo, long-time Android fanboy, has written a pretty apocalyptic op-ed in light of Stagefright: http://arstechnica.com/gadgets/2015/08/waiting-for-androids-inevitable-security-armageddon/

    The Verge, long-time Android haters and Apple lovers, wrote an optimistic op-ed about how this is changing Android for the better: http://www.theverge.com/2015/8/5/9099627/google-stagefright-android-vulnerability-protect-patch

    Now, this situation has me worried that a goateed Spock will use an "agonizer device" on somebody. Opposite-world issues aside, I'm really not sure what to think. Is this a big frickin' deal that should have me contemplating an exit from the Android universe? Or just tech blogs drumming up panic as clickbait?
     
  2. RickAgresta

    RickAgresta General Peanut, leader of the Peanutty Forces

    Messages:
    22,497
    Likes Received:
    21,478
    Trophy Points:
    288
    Mitlov and Hook like this.
  3. Mitlov

    Mitlov Shiny

    Messages:
    2,524
    Likes Received:
    2,190
    Trophy Points:
    288
    Done. Thanks for the head's up.
     
    RickAgresta likes this.
  4. RickAgresta

    RickAgresta General Peanut, leader of the Peanutty Forces

    Messages:
    22,497
    Likes Received:
    21,478
    Trophy Points:
    288
  5. RickAgresta

    RickAgresta General Peanut, leader of the Peanutty Forces

    Messages:
    22,497
    Likes Received:
    21,478
    Trophy Points:
    288
    Also affecting Android phones: Certifi-gate:

    Forget Stagefright, Certifi-Gate vulnerability allows for complete remote control of Android phones
    There have been numerous stories in recent days about the threat posed by Stagefright to Android users. A more serious threat has been revealed at Black Hat USA 2015, however -- one that affects hundreds of millions of Android devices. Known as Certifi-gate, a vulnerability has been found in Remote Support Tools which could allow for hackers to take full control of phones.

    The security issue was discovered by Check Point, who has notified handset manufacturers of the vulnerability, and launched an app that you can use to see if your handset is affected. Stagefright led to many handset manufacturers announcing a switch to monthly security updates, and some have already issued a fix for Certifi-gate.

    Certifi-gate is a set of vulnerabilities in the authroization methods between mobile Remote Support Tool (mRST) apps and system-level plugs on a device. mRSTs allow remote personnel to offer customers personalized technical support for their devices by replicating a device’s screen and by simulating screen clicks at a remote console. If exploited, Certifi-gate allows malicious applications to gain unrestricted access to a device silently, elevating their privileges to allow access to the user data and perform a variety of actions usually only available to the device owner.

    Check Point researchers examined the verification methods by which trusted components of the mRSTs validate remote support applications, and discovered numerous faulty exploitable implementations of this logic. This allows mobile platform attackers to masquerade as the original remote supporter with system privileges on the device.

    full article here : http://betanews.com/2015/08/07/forg...or-complete-remote-control-of-android-phones/

    link to checker app on play store:
    https://play.google.com/store/apps/details?id=com.checkpoint.capsulescanner&hl=en
     
  6. RickAgresta

    RickAgresta General Peanut, leader of the Peanutty Forces

    Messages:
    22,497
    Likes Received:
    21,478
    Trophy Points:
    288
  7. Hook

    Hook Have keyboard, will travel

    Messages:
    20,214
    Likes Received:
    13,443
    Trophy Points:
    288
    By the way, on the latest DU, scanners indicate no vulnerability to either Stagefright or Certifi-gate. On my Samsung Tablet, I'm vulnerable to both (although Stagefright is trivial since I don't have a texting app or cell modem). As soon as Samsung patches the base, IronRom will probably incorporate the fixes.

    That's what's great about AOSP ROMs. If Google supplies patches, they are incorporated immediately.
     
    Last edited: Aug 8, 2015
    RickAgresta and jigwashere like this.

Share This Page