[PLUG-TALK] Serious Android Vulnerability
alan at clueserver.org
alan at clueserver.org
Tue Jul 28 15:52:39 UTC 2015
> On Mon, Jul 27, 2015 at 06:19:47AM -0700, Rich Shepard wrote:
>> There's a newly discovered Android vulerability that can be exploited
>> by
>> receiving a text message, even if you don't use a specific video
>> application. It will be interesting to see how this plays out.
>>
>> <http://www.npr.org/sections/alltechconsidered/2015/07/27/426613020/major-flaw-in-android-phones-would-let-hackers-in-with-just-a-text>
>
> Besides turning off the phone, how do you tell an Android
> "do not answer text messages?" I don't have a "smart"
> phone (I'm not that stupid) but some of my friends are,
> and I'll probably end up doing their sysadmin for them.
>
> Although updates are supposed to appear by magic, somehow,
> I will suggest keeping text messaging disabled until the
> bugfix for the bugfix appears, and the people responsible
> for firing the people responsible have been fired.
The bug was fixed in the Google source tree within 48 hours of being
reported. The issue is whether your carrier has updated your phone to fix
the bug. (Which is unlikely. Unless you have a real new phone, or a Nexus,
most carriers have pretty much abandoned you. It takes a lot of work to
keep the OS current and with so many hardware models and so short a time
in the marketplace, phones get maybe 6 months of support, if that.)
If you have a current build of Cyanogenmod or some other build that is
current, it is not an issue. I don't know a whole lot of people doing
that. (Other than myself.)
More information about the PLUG-talk
mailing list