So you think you locked your Android phone?

Started by Gary, Dec 13, 2013, 09:50:30

Gary

Android has taken another step to cement its place behind Java in the world of repeatedly-vulnerable software, with German group Curesec discovering that an attacker can get past users' PINs to unlock the phone.

In fact, the Curesec post states, the bug – present in Android 4.0 to 4.3 but not 4.4 – exposes any locking technique: PINs, passwords, gestures or facial recognition. The thing is, most Android handsets won't get patched unless Google comes up with a patch which the manufacturers push out and the networks then give the OK to :(



http://www.theregister.co.uk/2013/12/10/android_has_lockbypass_bug/
Damned, if you do damned if you don't

Simon

I can't help thinking these vulnerabilities are made more, er, vulnerable, by media such as The Register constantly shouting it from the rooftops.  Surely if they kept quiet about it, fewer people would know that the holes are there to be exploited? 
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: Simon on Dec 13, 2013, 10:14:42
I can't help thinking these vulnerabilities are made more, er, vulnerable, by media such as The Register constantly shouting it from the rooftops.  Surely if they kept quiet about it, fewer people would know that the holes are there to be exploited? 
People need to know if their gadget has vulnerabilities, if nothing else so they can make sure it's by their side, as in this issue, or take extra precautions online maybe. Also, making it public puts pressure on manufacturers to actually patch these things, otherwise they just get left, as has been the case before. The thing is, the people who know how to exploit these holes will use them, and posting it does not necessarily mean increased abuse of the issue. By the time The Reg publishes it, it's probably common knowledge in the black hat circles, and sometimes kits to exploit these things are being sold in 'the right places', so it's all a bit academic.

Glenn

Quote from: Gary on Dec 13, 2013, 09:50:30
The thing is, most Android handsets won't get patched unless Google comes up with a patch which the manufacturers push out and the networks then give the OK to :(


Google have patched it, it's called KitKat, or Android 4.4.2. It's the handset manufacturers that drag their heels in pushing out the updates, they insist on having their UI which possibly needs to be updated to run on the latest version of Android. KitKat will now run on low spec devices so there is no excuse. http://www.phonearena.com/news/Android-4.4-KitKat-is-official-new-launcher-made-to-run-on-low-end-devices_id48935
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

pctech

You could also switch off data when you are not actively using it as I do.