Serious security flaws that could give attackers complete access to a phone's data have been found in software used on tens of millions of Android devices.
The bugs were uncovered by Checkpoint researchers looking at software running on chipsets made by US firm Qualcomm.
Qualcomm processors are found in about 900 million Android phones, the company said.
However, there is no evidence of the vulnerabilities currently being used in attacks by cyberthieves.
"I'm pretty sure you will see these vulnerabilities being used in the next three to four months," said Michael Shaulov, head of mobility product management at Checkpoint.
"It's always a race as to who finds the bug first, whether it's the good guys or the bad."
Affected devices included:
BlackBerry Priv and Dtek50
Blackphone 1 and Blackphone 2
Google Nexus 5X, Nexus 6 and Nexus 6P
HTC One, HTC M9 and HTC 10
LG G4, LG G5, and LG V10
New Moto X by Motorola
OnePlus One, OnePlus 2 and OnePlus 3
US versions of the Samsung Galaxy S7 and Samsung S7 Edge
Sony Xperia Z Ultra
Mr Shaulov said six months of work to reverse engineer Qualcomm's code revealed the problems.
The flaws were found in software that handles graphics and in code that controls communication between different processes running inside a phone.
Exploiting the bugs would allow an attacker to gradually be able to take more control over a device and gain access to its data.
The flaws could be used to make booby-trapped apps that steadily gain access to a phone's data
Checkpoint handed information about the bugs and proof of concept code to Qualcomm earlier this year.
In response, Qualcomm is believed to have created patches for the bugs and started to use the fixed versions in its factories.
It has also distributed the patches to phone makers and operators. However, it is not clear how many of those companies have issued updates to customers' phones.
Checkpoint has created a free app called QuadRooter Scanner that can be used to check if a phone is vulnerable to any of the bugs, by looking to see if the patches for them have been downloaded and installed.
In addition, Mr Shaulov said Android owners should only download apps from the official Google Play store to avoid falling victim to malicious programs.
"People should call whoever sold them their phone, their operator or the manufacturer, and beg them for the patches," said Mr Shaulov.
Qualcomm has yet to respond to a request for comment.
Scary stuff - too bad Google can't just roll us out a patch for it
Here's the result of this scan on an unrooted op3 running stock 3.2.2. So clearly over to one plus.
Source of the article http://www.bbc.co.uk/news/technology-37005226
Franes04 said:
Serious security flaws that could give attackers complete access to a phone's data have been found in software used on tens of millions of Android devices.
The bugs were uncovered by Checkpoint researchers looking at software running on chipsets made by US firm Qualcomm.
Qualcomm processors are found in about 900 million Android phones, the company said..
tropicanapure said:
Here's the result of this scan on an unrooted op3 running stock 3.2.2. So clearly over to one plus.
Source of the article http://www.bbc.co.uk/news/technology-37005226
I would've linked the source but I didn't have enough posts to add links. Thank you for sharing.
No worries, mate, Google has seen the issue and will release a security patch for it (2015-08-05), check here!
We can only hope OnePlus releases the security patch as soon as possible, or you can just hop on the custom ROM bandwagon since they often have the patch merged day one.
This is what I found brewing over at the droid forums..
http://www.droidforums.net/forum/motorola-droid-bionic/148222-new-bionic-specs.html
A reputable source that works for Verizon has highlighted these specs: (Taken from his tweet)
(The Mobile Panda): "1.5ghz Dual core, 3g svdo, LTE on board, 4.3inch HD display with 1gb ram. 12mp cam in back 2mp in front.. anyone interested?"
Possibly the revamped Droid Bionic to become the Targa. If these specs are true, this should put Big Red back into the game.
What do you all think? Thought I'd spread the news.
I don't understand why so many people are so quick to assume that this rumored upcoming device is the droid bionic. The tweet never stated that this was the bionic, or even a motorola device for that matter.
Second, I highly doubt delayed to receive a few enhancements means 50 more processor, 100% more ram, and different cameras (both front & back).
This seems to me to sound more like HTC's timing. They seem to have beat Motorola to the punch more often than not lately.
Sub-Standard said:
I don't understand why so many people are so quick to assume that this rumored upcoming device is the droid bionic. The tweet never stated that this was the bionic, or even a motorola device for that matter.
Second, I highly doubt delayed to receive a few enhancements means 50 more processor, 100% more ram, and different cameras (both front & back).
This seems to me to sound more like HTC's timing. They seem to have beat Motorola to the punch more often than not lately.
It is now reliably reported that this is not the specs of the Bionic.
However, I don't understand why you don't understand that the Etna was scrapped and the Bionic is now the Targa. That Moto had problems with LTE plus Tegra 2, and that if you move to a new SOC, why wouldn't it be an increase in all specs and concurrent with SOC's that will be in production the latter half of this year.
"The bionic is now the targa" ??? Again, this is a speculation. Speculations, rumors, opinions, & a$$ holes all fall in the category...
When people state these rumors as being fact, it just creates chaos on the forums = trolls.
Sub-Standard said:
"The bionic is now the targa" ??? Again, this is a speculation. Speculations, rumors, opinions, & a$$ holes all fall in the category...
When people state these rumors as being fact, it just creates chaos on the forums = trolls.
So am I an a$$ hole or a troll?
I thought they canned the Targa because of battery issues?
lev777 said:
I thought they canned the Targa because of battery issues?
No, the original phone that was planned to be the "Bionic" was Motorola xt865 codename "Etna" with Tegra 2. They had problems and scrapped it, apparently due to Tegra 2/LTE issues they were having(probably battery issues also). They took another project in the pipeline, codename "Targa", with TI OMAP 4430, and decided to make that the phone that will be released as "The Bionic"
GBH2 said:
So am I an a$$ hole or a troll?
Heh.. BURN!
@ggbh2 do you have it? If so, please tell us what you think.
lev777 said:
@ggbh2 do you have it? If so, please tell us what you think.
No, I don't have it - but the info is getting out there now. FCC confidentiality ended so we have some reasonably solid information and Verizon testers have them and the "leaks" are saying it is looking good. You can just google "Motorola Droid Bionic xt875" and you will see there is a lot out there - just look at the info from the past couple of weeks though as it is the most current and accurate.
Truth
These are the specs for the Pantech Vega Racer. It's a Korean phone. Sorry, but I can't post links yet, but it is on engadget.com. The article name is "Pantech cooks up world's first 1.5 GHz dual-core phone, tablet in the works". It is filed under Handsets and written by Brad Molen on May 18th, 2011.
I am thinking of getting a xoom or this phone. I can't decide. I really was hoping for a bigger screen.
The much anticipated Android 4.3 update, released earlier this week, has caused headaches for thousands of Nexus 4 owners as several incompatibility issues emerge.
Signal loss, continuous reboot loops, application bugs and battery life issues are just a few of the myriad of problems reported hours after the update was released.
However, the majority of users on Google’s Product Forum have reported Wi-Fi connectivity issues, which include automatic toggling between enabled and disabled Wi-Fi and the failure of the Wi-Fi icon to appear on the notification window. In more extreme cases, users reported severe overheating and even bricked phones.
The problems have caused dissatisfaction among those affected, some users threatening to switch back to the previous 4.2 firmware.
This is not the first claim of phones overheating this week, as a man’s apartment was set alight after his Galaxy S4 caught on fire, but that was likely caused by fake parts or battery.
It was hoped that the new software would increase productivity by allowing a more efficient multi-user ability, better App control, and higher graphic capabilities in the desired device, through the compatibility of Open GL ES 3.0.
Android engineer Dan Morrill says Google is aware of the issue and is working on a fix, but there was no advice given to rectify the current situation.
Source: Google Product Forums
[SOURCE : NeoWin]
Can't say mine is "bursting into flames" or "bricked"....anyone else?
Also if google is "working on a fix", does that mean we'll get a third build which will unite everything in the other two?
LoL.. Google(aka NSA) suck.
Nope no issues with mine at all.. Been perfect!
NOPE been great running Paraandroid 4.3
Yeah, this phone is bursting other phones, especially iPhones into flames
Sent from my Nexus 4 using xda premium
I read a similar article saying that 4.3 has "bricked many Nexus 4's and made countless others utterly unusable."
I don't know where these tech blogs are getting their information but as soon as I saw the article I immediately thought I hadn't heard of a single case of people complaining about 4.3 causing issues with their phones.
They write about hearsay, and complaints from newbies flashing their phones, not really knowing about the right processes and procedures. They just need to write a story, it doesn't have to be researched for accuracy, they write these things to grab attention.
It's blowing the iphonie minds!
Mine bootlooped and wouldn't go past the Google splash. But I think I just downloaded a bad .zip. That's the last time I cut corners and don't bother checking the MD5, in trying to save a few seconds I lost a good 30 minutes and had to factory reset.
Moral of the story: Always check the MD5
My nexus is running fine on 4.3, no issues at all. It's uncommon to see a nexus 4 completely bricked because it just doesn't happen unless you do something like flash a rom that was meant for another phone, unlike androids like my old galaxy s2 that are prone to the infamous 'brick bug'
I knew 4.3 couldn't be trusted.
There are some "forced close" errors with google & 3rd party appz. WiFi (excluding delayed notifications issue) & bt issues are quite gone & battery performance didn't improve much.
That pretty much sums up my experience with 4.3 so far.
The majority of those complaints are the same type who show up here, label themselves a n00b and want you to hold their hand for them. You show them step by step instructions how to do it the right way and they say "lolz dats hard, I f0undz a to00lkit thx anyway bro"...
Fatherboard said:
There are some "forced close" errors with google & 3rd party appz. WiFi (excluding delayed notifications issue) & bt issues are quite gone & battery performance didn't improve much.
That pretty much sums up my experience with 4.3 so far.
How did you update? A completely opposite experience here.
Intro
This is a bit different than most postings here, as I'm not providing any binaries to install on your phone and instead providing a simple tool, rattlesnakeos-stack, to build your own OS based on AOSP on a regular basis, with your own signing keys, and your own OTA updates. This probably will be interesting to a small subset of users as it does cost money to run this infrastructure in AWS.
What is RattlesnakeOS
RattlesnakeOS is privacy focused Android OS based on AOSP for Google Pixel phones. It is my migration strategy away from CopperheadOS (hence the name similarity) which is no longer maintained.
Features:
Based on latest AOSP 9.0 (Android P)
Support for Google Pixel, Pixel XL, Pixel 2, Pixel 2 XL
Monthly software and firmware security fixes delivered through built in OTA updater
Maintain verified boot with a locked bootloader just like official Android but with your own personal signing keys
Latest Chromium browser and webview
Latest F-Droid client and privileged extension
Free of Google’s apps and services
What is rattlesnakeos-stack
Rather than providing random binaries of RattlesnakeOS to install on your phone, I've gone the route of creating a cross platform tool, rattlesnakeos-stack, that provisions all of the AWS infrastructure needed to continuously build your own personal RattlesnakeOS, with your own signing keys, and your own OTA updates. It uses AWS Lambda to provision EC2 spot instances that build RattlesnakeOS and upload artifacts to S3. Resulting OS builds are configured to receive over the air updates from this environment. It only costs a few dollars a month to run (see FAQ for detailed cost breakdown).
How do I set this up?
Head over to the github repo and take a look at the README for full setup, build, and flashing instructions.
Thank you for this, I have always wanted to try. I am more from the hardware side, I learned machine level code back in the days of Intel 8/16 bit processors. After compilers happened, I got lost
Wow, this is a gem. Thanks!
Can any one upload some photos of that ROM
haninatoon said:
Can any one upload some photos of that ROM
It should look identical to Pure AOSP Pie but with Chromium and F-Droid installed, as far as I've seen not one person has even confirmed it booting yet on the reddit, at least Pixel non-XL, we know Pixel XL works
KShion619 said:
It should look identical to Pure AOSP Pie but with Chromium and F-Droid installed, as far as I've seen not one person has even confirmed it booting yet on the reddit
You must not have looked very hard, as there are numerous people on reddit (checkout /r/rattlesnakeos) that are up and running and have posted accordingly. I have been using this as my daily driver for over 4 months now without any issues.
KShion619 said:
It should look identical to Pure AOSP Pie but with Chromium and F-Droid installed, as far as I've seen not one person has even confirmed it booting yet on the reddit, at least Pixel non-XL, we know Pixel XL works
There has been confirmation of all supported devices working at this point.
how is battery backup?
Has anyone gotten even so much as a security update in recent months? I haven't had an update since March and I'm still on the February security patch. Seems like other flagship phones are at least getting security updates and at least every other month if not even every month for some phones; yet it's been four months for Razer with nothing.
tard24 said:
Has anyone gotten even so much as a security update in recent months? I haven't had an update since March and I'm still on the February security patch. Seems like other flagship phones are at least getting security updates and at least every other month if not even every month for some phones; yet it's been four months for Razer with nothing.
Yep that's the state of things. RP1 hasn't had anything in over a year. It got one major update and nothing since. I'm figuring that's what's going to happen with the RP2. As much as I like these two phones I believe they have been my biggest mobile mistake. Hate the fact that I'm still paying for RP2 through att.
Sent from my Razer Phone 2 using XDA Labs
I occasionally comment on Min-Liang Tan's unrelated posts about this very issue
Pretty sure they've abandoned it, because they did the exact same thing with the RP1 - release a few minor updates, then one major one, and then it just stopped. I've asked support, but they said that they have no plans on releasing any security updates - I guess they don't care about security at all?
I know they've abandoned their phone production, cancelling the Razer Phone 3 and sending some of their techs to other divisions while firing the rest. Who knows if they'll have a few guys on to keep up with updates and security patches... ??*
Razer could have bucked the expectations by providing maybe even 18 months of support for this phone.
If they've chosen not to, they've just validated all the naysayers who warned us not to put our trust in Razer.
I'm still really liking the phone, but... March 2019 security patch isn't looking too good at this point.
Here is the response I got from them on the subject of the missing security patches for my $1000 paperweight. This is after pointing them to the Google webpage for the monthly patches that they could not seem to find or were not aware of.
=============================
From: "Razer Support" <[email protected]> <[email protected]>
Sent: Saturday, June 15, 2019 2:08 PM
Thank you for your humble reply.
I really appreciate that you have provide us the details which we required to investigate further on your inquiry. Thank you once again Thomas.
I have studied on the link which you have provide to us and brought for you the best answer. From the link, i have learned that the Update 9.0 Pie security patch for Razer phone 2 will be last update on February 5, 2019.
Android Pie has optimized the application startup and DEX memory usage. It’s not very easy to measure, but Razer claims about an 11% reduction of rewriting DEX files, which by itself will make the overall system perform better and makes the users feel more comfortable. Our engineer team is working hard together with Google to come out with new update as soon as possible.
For your kind information, Android device and chip set manufacturers may also publish security vulnerability details specific to their products such as Google, Huawei, LG, Motorola, Nokia and Samsung at the moment.
I hope you have understand on my explanation. Feel free to contact us back.
Thank you and have a nice day ahead!
Sincerely,
Ken
Razer Technical Support
===============================================
They build a phone, take premium money from you, but aftersale support, they just don't know. They are clueless.
Sent from my Phone 2 using Tapatalk
Only hope is that they upgrade it to Android Q and enable mainline so the security updates are less of a problem...
After 7 (seven) years of appeals, I've decided to share my story.
https://medium.com/@fragmenteddevel...our-play-store-developer-account-2e7dc828a8af
People can change, and a company shouldn't have the right to say forever.
Change my mind please.
The.Sorcerer said:
After 7 (seven) years of appeals, I've decided to share my story.
https://medium.com/@fragmenteddeveloper/️-google-terminated-your-play-store-developer-account-2e7dc828a8af
People can change, and a company shouldn't have the right to say forever.
Change my mind please.
So sorry to know about your issue, and thanks for sharing your story that sure will help other Devs.
Good luck.
Thank you for your kind words.
I hope the review process will get better one day.
In the meantime, if anyone has any further questions I will be happy to answer.
Have you considered switching to iOS store ?
That might be an option, it won't be easy at this stage of my life, but it's an option.
At the time when I started, I was not smart enough to consider this and I made the mistake of putting all my eggs in one basket.
Now it's tough, with more than a decade of experience on Android.
Android development is what put the food on the table, and I have a mortgage to pay and a family to support.
The.Sorcerer said:
That might be an option, it won't be easy at this stage of my life, but it's an option.
At the time when I started, I was not smart enough to consider this and I made the mistake of putting all my eggs in one basket.
Now it's tough, with more than a decade of experience on Android.
Android development is what put the food on the table, and I have a mortgage to pay and a family to support.
Frankly, Google has been doing this since 2011.
Better Keyboard disappeared?
Is it just me or has better keyboard disappeared off the market? I had to reflash generic UK and root/go back up to 2.3.3, but when I restored with Titanium Backup, I got the unlocker for Better Keyboard but not the app itself. Now I'm stuck in...
forum.xda-developers.com
IIRC The reason was even pettier than yours.
Bye Bye Better Keyboard 8, Open Home, and anything by Better Android
So, I was looking in the market for better keyboard 8 and couldn't find it. From there, I did a google search and came across their website with this as their top news. here is the link, and I will quote it as well. Better Android Apps Hello everyone, we have to say good-bye this time. Here’s...
www.droidforums.net
It was definitely a red flag for me.
In 2011 the paid apps are what made revenue for the Android Market. The Ad penetration was very low and users were limited.
Another example is ofc YongZh
So Why Were the Yongzh’s Emulators Pulled?
There was much sadness when Android developer, yongzh, had his Market account deleted and line of popular game emulators pulled from the market. Many people were troubled by this news, seeing it as…
androidcommunity.com
Google made a lot of money & goodwill via emulators in the initial days and then they booted yongzh out.
Now the developers don't have any idea who paid for the apps and who didn't. And basically, the consumers are screwed and developers are harassed.
Also, Google changes its Developer license agreement 3-4 times a year. At any moment any apps can be booted out.
Make no mistake, iOS can do the same. But at the very least you can speak to a human who can sort out your affairs. And that $99 a year is totally worth it.
iOS experience is far more fluid than, say, 2015 (been developing for both Android and iOS).
Long term it's really wise to move away from Android to, say, Web or Server Administration.
True