![\"\"](\"https:\/\/sodpit.com\/wp-content\/uploads\/2015\/07\/stagefright_v2_breakdown-e1438001259526-1024x266.jpg\" "\\"\\"")
<\/p>\n<\/p>\n
Update HERE:\u00a0https:\/\/sodpit.com\/2015\/08\/07\/stagefright-update\/<\/a><\/p>\n No device is secure and Google has proven that Android is no exception. \u00a0Google has sent fixes for some of these problems to device manufacturers and cell phone carriers. They blame the manufacturers and carriers for long delays in pushing these fixes to their users – which is true – BUT…\u00a0the manufacturers and carriers didn’t write the code OR cause ANY of these problems.<\/p>\n I won’t be signing up for Android Auto any time soon.<\/p>\n Here are some of the most recent vulnerabilities\u2026<\/p>\n (I will follow up when I have more time)<\/p>\n <\/p>\n \u201cMatroska\u201d Vulnerability (Low Priority)<\/strong> \/ Affects 50% of Android devices used today Trend Micro Discovers Vulnerability That Renders Android Devices Silent<\/a><\/p>\n Can cause: \u201cNo ring tone, text tone, or notification sounds can be heard. The user will have have no idea of an incoming call\/message, and cannot even accept a call. Neither party will hear each other. The UI may become very slow to respond, or completely non-responsive. If the phone is locked, it cannot be unlocked.\u201d<\/p>\n Mitigation: \u201cStagefright\u201d Hack (Severe)<\/strong> \/ Affects 95% of Android devices used today Information: Possible Mitigation: \u201cSwiftKey\u201d Vulnerability (Very\u00a0Low Severity)<\/strong> \/ Samsung Stock Keyboard Security Risk Samsung Keyboard Security Risk Disclosed: Over 600M+ Devices Worldwide Impacted (nowsecure.com)<\/a> I’m marking this one as Very Low Severity since it would almost be impossible for this exploit to work:\u00a0“A\u00a0user must be connected to a compromised network (such as a spoofed public Wi-Fi network), where a hacker with the right tools has specifically intended to gain access to their device. This access is then only possible if the user\u2019s keyboard is conducting a language update at that specific time, while connected to the compromised network.<\/a>”<\/p>\n Samsung’s Response…<\/a><\/p>\n If the flaw in the keyboard is exploited, an attacker could remotely: Mitigation: \u201cFakeID\u201d Vulnerability (Severe) Android Fake ID Vulnerability Lets Malware Impersonate Trusted Applications, Puts All Android\u2026<\/a><\/p>\n \u201c\u2026Allows a malicious application to inject Trojan horse code (in the form of a webview plugin) into other apps, which leads to taking control of the entire app, all of the apps\u2019s data, and being able to do anything the app is allowed to do.\u201d<\/p>\n Mitigation: \u201cMaster Key\u201d Exploit (Severe) Android Master Key Exploit \u2013 Uncovering Android Master Key\u2026<\/a><\/p>\n \u201cInstallation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed. The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls). Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these \u201czombie\u201d mobile devices to create a botnet.\u201d<\/p>\n Mitigation: Update HERE:\u00a0https:\/\/sodpit.com\/2015\/08\/07\/stagefright-update\/ No device is secure and Google has proven that Android is no exception. \u00a0Google has sent fixes for some of these problems to device manufacturers and cell phone carriers. They blame the manufacturers and carriers for long delays in pushing these fixes to their users – which is true – BUT…\u00a0the manufacturers and … Continue reading Android in 2015?<\/span>
\n
\nJuly 29, 2015<\/p>\n
\nNone so far. Reboot to fix.<\/p>\n
\n
\nJuly 27, 2015<\/p>\n
\nExperts Found a Unicorn in the Heart of Android<\/a><\/p>\n
\nMake sure to disable all the ‘Auto-Download’ features for MMS in your messaging apps (Hangouts, Messaging, etc.)<\/a>
\nIt\u2019s too early to know as the vulnerability isn\u2019t public; there are no tests or patches available.<\/p>\n
\n
\nJune 16, 2015<\/p>\n
\nRemote Code Execution as System User on Samsung Phones (nowsecure.com)<\/a><\/p>\n
\n1 – Access sensors and resources like GPS, camera and microphone
\n2 – Secretly install malicious app(s) without the user knowing
\n3 – Tamper with how other apps work or how the phone works
\n4 – Eavesdrop on incoming\/outgoing messages or voice calls
\n5 – Attempt to access sensitive personal data like pictures and text messages<\/p>\n
\nThe Samsung SwiftKey Vulnerability \u2013 What You Need To Know, And How To Protect Yourself<\/a><\/p>\n
\n
\n<\/strong>July 29, 2014<\/p>\n
\nBluebox Security Scanner for Android<\/a>
\nTest if your system is vulnerable or patched to any of the “Fake ID” or “Master Key” security flaws affecting most Android devices<\/p>\n
\n
\n<\/strong>July 3, 2013<\/p>\n
\nBluebox Security Scanner for Android<\/a>
\nTest if your system is vulnerable or patched to any of the “Fake ID” or “Master Key” security flaws affecting most Android devices<\/p>\n
\n","protected":false},"excerpt":{"rendered":"