Android reeling after two major security failures

“Android security woes got worse on Thursday, with two separate reports of code defects that put millions of end users at risk,” Dan Goodin reports for Ars Technica. “The first involves the update Google released last week fixing a flaw that allowed attackers to execute malicious code on an estimated 950 million phones with nothing more than a maliciously crafted text message.”

“Seven days later, security researchers are reporting that the patch, which has been in Google’s possession since April, is so flawed that attackers can exploit the vulnerability anyway,” Goodin reports. “‘The patch is 4 lines of code and was (presumably) reviewed by Google engineers prior to shipping,’ Jordan Gruskovnjak and Aaron Portnoy, who are researchers with security firm Exodus Intelligence, wrote in a blog post published Thursday. ‘The public at large believes the current patch protects them when it in fact does not.’”

“Separately, researchers from security firm MWR Labs disclosed a flaw that allows malicious apps to break out of the Android security sandbox,” Goodin reports. “The rash of vulnerabilities being reported in Android and the difficulty in getting them installed on end-user devices is taking its toll on the mobile OS.”

Read more in the full article here.

MacDailyNews Take:

Those who’ve settled for pretend iPhones are coming to a sad realization:

If it’s not an iPhone, it’s not an iPhone.

27 Comments

  1. Just In time for Samsung Pay. Yeah, that’s what I want to do: store my credit card data on a device that is so hack prone, even its designers use something (iOS/iPhone) else.

    1. Sorry but security researcher have established that iOS (all versions of iOS) is the second least secure OS on the planet today!

      Believe it or not, the least secure of all is MacOS!!

      You want a secure OS, security researchers have rated Microsoft Windows OS as the most secure OS on the planet today!!!

      1. That’s why there’s so much malware on MacOS that users have to spend so much time getting rid of malware—just hook a mac up to the internet and it’ll be compromised in minutes!

        Meanwhile, it’s all smooth sailing over in windows-land.

        Are we having fun yet?

      2. “Sorry but security researcher have established that . . .”

        You mean security researcher(s) that want to sell you their security software. They are PISSED that most Apple users don’t bother buying their software.

        1. thanks for saving me hundred dollars a year in antivirus.. antimalware,,, reloading the OS and just plain frustration in my computing life, steve, whichever one you are

          it means a lot to all of us

      3. Oh I remember this article! They wrap all OS X and iOS versions into one, but Windows they spread out into separate versions! If you wrap Windows into one like they did OS X, iOS and Linux, Microsoft has the least secure OS with very high numbers, more like double!

      1. Um, no.
        That article, as linked here, basically says “so, it appears that the counts we used are not indicative of reality… you shouldn’t believe they’re accurate.” They reported each version of windows as different (not aggregating counts) but lumped every version of MacOS and IOS together. There are other irregularities in their counting method, as well.

      2. did you actually read the article which bashes the findings?

        “The GFI report apparently doesn’t account for the various disclosure policies among companies. As a result, Apple would argue that the GFI report only reflects disclosed and fixed issues—not the overall security of the OS. Apple reports every fixed security issue and assigns each one a CVE. ”

        “disclosed”
        LOL.
        android etc often doesn’t disclose or fix issues and the vast majority of phones don’t even get android updates even if you want them. One android blog suggested “get a NEW phone if you’re so worried”. LOL.

  2. The only people who should use Android phones are geeks who like to customize the damn things and know what they are doing. Even for them the phone is risky.

    But for the general public, using an Android phone is like having sex with a drug addict without using any protection.

    1. HEY HEY HEY!!!
      Don’t cut down drug addicts like that! They are WAY BETTER THAN ANDROID !-)

      I think it is more like sticking parasitic data harvesters under your skin so they can infest your ears throat and mind and also your pocketbook

      That said, I won’t do either an HIV positive drug abuser or android, thank you very much

  3. It doesn’t even matter if a REAL fix is available, because most existing Android devices will not see them. Android phone makers only care about “handing off” (selling in large batches) their phones to the designated wireless carrier. They even put a decal of the carrier’s logo on it, to show that the carrier now “owns” the customer’s after-sale problems. Who cares if the Android phone can be updated with a security patch (or not)? It’s not the phone maker’s problem anymore.

    Apple insists on keeping a direct relationship with the customer. Wireless carriers must keep a low profile, to be allowed to offer iPhone. iPhone customers worldwide get software updates as soon as Apple decides to release them.

  4. Very Catch 22.
    There’s a patch to fix your phone but you can’t get the patch. It doesn’t really matter because the patch doesn’t protect you anyway. The patch must have been supplied by Milo Minderbender.

    1. you know, i almost started thinking of the “friends” that use android and almost started feeling sorry for them..

      but nah, did my due diligence and made it available for them

      now I only hope they recognize the chickens coming home to roost before it is too late for them,

      as for the OS, ( i never once even in a fit of thought experiment felt sorry for it), may it NEVER rest,,,, in hell

  5. “the patch, which has been in Google’s possession since April, is so flawed that attackers can exploit the vulnerability anyway”

    The reason Google’s programmers didn’t take the patch seriously was because Android users don’t update anyway – even if they could, which for much of the hardware out there, they can’t.

    1. some think of their phone as a “secret portal” to the outside world (direct quote from a very honest friend) boy did i open his eyes quickly when showed the exploited cheesecloth. when asked which version of android he was on, he said the latest one. he was three years old and did not understand the concept that exploits live on even if a phone is obsolete. the latest version was explained by a verizon sales employee during the purchase three years ago. sometimes i wonder about my intelligence when i have friends like this… oh wait, there is emotional intelligence too…….

  6. …The patch, which has been in Google’s possession since April, is so flawed that attackers can exploit the vulnerability anyway.

    IT’S OFFICIAL:

    Stupid Google is maniacal about finding everyone else’s security flaws but is incapable of securing their own software. I hereby bombard them with shame. Oh the shame. Such shame on you.
