Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Yet another Android vulnerability ...... this one is a doozy  (Read 2476 times)

AArdvark

  • Kitizen
  • ****
  • Posts: 1008
Yet another Android vulnerability ...... this one is a doozy
« on: September 10, 2015, 12:57:09 AM »

Download the app to test your Android Phone/Tablet here
https://play.google.com/store/apps/details?id=com.checkpoint.capsulescanner&hl=en

Article in 'The Register':
Mobile device screens recorded using the Certifi-gate vulnerability
Vulnerable plug-ins have been installed on hundreds of thousands of Android devices, allowing screens to be recorded, according to data from the scanning tool which discovered that the so-called Certifi-gate vulnerability is already being exploited in the wild.

Gets worse, read article.
http://www.theregister.co.uk/2015/08/25/certifi_gate_vulnerability_exploited/
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4181
Re: Yet another Android vulnerability ...... this one is a doozy
« Reply #1 on: September 10, 2015, 06:31:59 AM »

The writer of that article is clearly into Apple and not Android, you jail break an iPhone and root an Android phone.

Nevertheless it's still yet another problem with Android. I really need to get around to updating the os on my phone. 
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

AArdvark

  • Kitizen
  • ****
  • Posts: 1008
Re: Yet another Android vulnerability ...... this one is a doozy
« Reply #2 on: September 10, 2015, 08:05:51 AM »

Quote
The writer of that article is clearly into Apple and not Android, you jail break an iPhone and root an Android phone.

I know  ;D

The real problem is hidden in the article.
The original apps have been removed from the Google & Amazon app stores but the methods they used are built into Android.
As stated all you need to do is emulate the apps and you get access.
It is the classic hack of misusing feature(s) for purposes never intended.

Why do developers and designers of these apps/OSes always assume that features will never be misused. ?

It is a bit like having a big button labelled 'Do not press' ...... it will always be pressed because it can be.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6724
Re: Yet another Android vulnerability ...... this one is a doozy
« Reply #3 on: September 10, 2015, 09:46:36 PM »

I had my first stagefright hack attempt today, a picture message from a unknown contact.

Android needs fixing.  The whole eco system in how updates are distributed is broken.
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5347
Re: Yet another Android vulnerability ...... this one is a doozy
« Reply #4 on: September 10, 2015, 11:32:36 PM »

I'm not trying to turn this into an Apple/Android debate, but worth pointing out one difference twixt the two that IMHO is relevant...

.. It is Apple's 'review' process.   For developers (I am one) it is a bit of a PITA, you submit your App and then wait some indeterminate time, usually a week or so but maybe more, while Apple's reviewers decide whether it is fit for the App Store.   One thing, among many, they may check is for linkage to undocumented APIs ('back doors') which would lead to rejection.

For sure, it may still be possible to get a dodgy App approved, if you catch them off guard.  But the fact that they actually check every submission in some detail is a strong disincentive against dev's attempting anything naughty.
Logged
 

anything