So you think you locked your Android phone?

Started by Gary, Dec 13, 2013, 09:50:30

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Gary

Android has taken another step to cement its place behind Java in the world of repeatedly-vulnerable software, with German group Curesec discovering that an attacker can get past users' PINs to unlock the phone.

In fact, the Curesec post states, the bug – present in Android 4.0 to 4.3 but not 4.4 – exposes any locking technique: PINs, passwords, gestures or facial recognition. The thing is most Andropid handsets wont het patched unless Google comes up with a patch which the manufacturers push out and the networks then give the ok to  :(



http://www.theregister.co.uk/2013/12/10/android_has_lockbypass_bug/
Damned, if you do damned if you don't

Simon

I can't help thinking these vulnerabilities are made more, er, vulnerable, by media such as The Register constantly shouting it from the rooftops.  Surely if they kept quiet about it, fewer people would know that the holes are there to be exploited? 
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Gary

#2
Quote from: Simon on Dec 13, 2013, 10:14:42
I can't help thinking these vulnerabilities are made more, er, vulnerable, by media such as The Register constantly shouting it from the rooftops.  Surely if they kept quiet about it, fewer people would know that the holes are there to be exploited? 
People need to know if their gadget has vulnerabilities, if nothing else so they can make sure its by their side as in this issue or take extra precaution online maybe. Also making it public puts pressure on manufacturers to actually patch these things, otherwise they just get left as has been the case before. The thing is the people who know how to exploit these holes will use it and posting it does not mean necessarily mean increased abuse of the issue. By the time the reg publishes it its probably common knowledge in the black hat circles and sometimes kits to exploit these things are being sold in 'the right places' so its all a bit academic.
Damned, if you do damned if you don't

Glenn

Quote from: Gary on Dec 13, 2013, 09:50:30
The thing is most Andropid handsets wont het patched unless Google comes up with a patch which the manufacturers push out and the networks then give the ok to  :(


Google have patched it, it's called KitKat, or Android 4.4.2. It's the handset manufacturers that drag their heels in pushing out the updates, they insist on having their UI which possibly needs to be updated to run on the latest version of Android. KitKat will now run on low spec devices so there is no excuse. http://www.phonearena.com/news/Android-4.4-KitKat-is-official-new-launcher-made-to-run-on-low-end-devices_id48935
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

pctech

You could also switch off data when you are not actively using it as I do.