New Stagefright bugs leaves some 1.4 billion Android settlers vulnerable

“In July, a security researcher revealed that Android phones could be hacked with a simple text, thanks to a series of bugs in the Android operating system that are now commonly known as Stagefright,” Lorenzo Franceschi-Bicchierai reports for Motherboard.

“On Thursday, the same security researcher warned that two new Stagefright bugs can allow hackers to break into your phone by tricking you into visiting a website containing a malicious multimedia file, either mp3 or mp4,” Franceschi-Bicchierai reports. “Joshua Drake, a researcher at Zimperium zLabs, and also author of the Android’s Hacker Handbook, found that one vulnerability affects “almost every Android device” since the first version of the operating system, released in 2008. The second vulnerability allows hackers to trigger the first, even in newer version of Android, such as 5.0 and above.”

“Researchers at Zimperium zLabs estimate that at least 950 million Android users, and likely more are vulnerable to these these bugs,” Franceschi-Bicchierai reports. “Zuk Avraham, the company’s founder and Chief Technology Officer, said that it’s likely that 1.4 billion people are affected.”

“Just an aside here: That’s the main reason I wrote a rant about abandoning Android and jumping ship to the iPhone,” Franceschi-Bicchierai reports. “Again, if you care about security, perhaps you should think about switching to another operating system.”

Read more in the full article here.

MacDailyNews Take: “Open.” As in: WIDE.

Now to be fair, this is only because Android is an inferior product peddled to cheapskate tech illiterates who do not value their privacy and/or who are unable to recognize a half-assed knockoff from the revolutionary original.

Android is a BlackBerry clone that was hastily rejiggered to mimic iPhone at the last minute. Obviously, mistakes were made. (smirk)

So, the Android rush-job is a security nightmare. It’s a fragmented morass. It’s too many cooks in the kitchen. It’s crap-by-committee junk.

And anyone who rewards blatant thieves by settling for Android garbage deserves their fate.

Apple’s iOS beats Android in multiple meaningful ways – August 18, 2015
Waiting for Android’s inevitable security Armageddon – August 10, 2015
Android fingerprint sensors aren’t as secure as iPhone’s Touch ID – August 10, 2015
Apple iPhone sees highest switching rate from Android ever recorded – August 10, 2015
This is how Apple’s iPhone kills Android phones – August 7, 2015
Certifi-gate: Hundreds of millions of Android devices vulnerable to stealth unrestricted access – August 7, 2015
Malformed video files can be used to crash half of all Android phones – July 30, 2015
Security journalist: Goodbye, Android, hello Apple iPhone! – July 29, 2015
950 million Android phones can be hijacked by malicious text messages – July 27, 2015
New Android malware strains to top 2 million by end of 2015 – July 1, 2015
Symantec: 1 in 5 Android apps is malware – April 25, 2015
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013

[Thanks to MacDailyNews Readers “Fred Mertz” and “Tayster” for the heads up.]


    1. I actually have some sympathy for lower-income folks who got an Android.

      The feature set is tempting…certainly better than almost anything except an iPhone, yet at a price they can actually afford.

      The people who “get what they deserve” are those who could easily afford an iPhone, know the risks of Android, and stupidly go the Android route anyway, through either falling to the false promises of “openness” or simply being cheapskates.

      1. I’m not sure that patronizing is the right reaction here…

        Estimated costs of an iPhone lay somewhere between 200$ and 250$. All the rest is the apple tax.

        You don’t get what you pay for (On the hardware point of view) with an iPhone. You just get a logo.

        That said the question is much more complicated when we look at the features. There are some points where iPhones are better:

        – Well integrated ecosystem
        – Always up to date phone
        – Users taken by the hand to show them what to do
        – Status symbol

        Android phones also have interesting features:

        – Different hardware fitting to different needs (Choice)
        – Multi-sim / SD / batteries / waterproof / Or a mix of all these
        – More flexibility in usage and function

        I don’t speak about security here as I addressed this point with my answer to gainestr

        The way some iPhone user behave considering themselves as an “elite” is probably what harms the most the image of this brand

        1. Here we go with this crap again. That range between $200-$250 is an ESTIMATE of what the parts cost. And that would seem like a fair comparison with other OEMs. However, those costs do not include all the development and capital that went into making a lot of those parts.

          Just speaking from a hardware point-of-view…

          A9 (custom CPU), Taptic Engine, Touch ID, 3D Touch, Camera sensor, Camera lenses, battery chemistry.

          These are things Apple designs, develops, and engineers and those costs are not included in the cost to manufacture these components. It also sets Apple’s devices apart from other OEMs who cannot use these same components in their own products. Not to mention, Apple spends billions on the manufacturing equipment that makes a lot of those components.

          So yes, there is a premium Apple thinks they can command for their devices, and most who buy their products think so as well.

          1. “So yes, there is a premium Apple thinks they can command for their devices, and most who buy their products think so as well.”

            Perfect… If you consider it’s worth it then buy it. I will never tell you you’re an idiot because criteria X is more important for you than for me while criteria Y is more important for me than for you.

            BTW… The R&D “costs” Apple had/has justifying the price of an iPhone is just nonsense.

            20% of the market but the most valuable company in the world and most benefits per sold device (People here are so proud of this). This is not a coincidence… Other companies also have R&D costs… They just don’t make the same insane amount of money simply because concurrence is much stronger in the Android world and prices are much closer the real value of the phone (This is what hurting Samsung’s market share… Not the iPhone)

            Apple’s money comes from somewhere and this somewhere is your pocket. If you’re happy with that I’m happy for you.

            1. Android phones can’t command the same prices because they offer nothing unique. Anyone can build and make an Android phone. There’s only one company that can make an iPhone, which is why Apple can get away with charging what they do.

              If a phone is a phone to you, then just get an Android phone and be happy. I don’t see why you have a problem with people buying what they want, which directly correlates into Apple’s profits.

              If you hate the fact that Apple makes so much money, then surely you must hate the cause of it – idiots buying their products? Otherwise you’re just contradicting yourself.

            2. It looks like you haven’t read what I wrote.

              I think I said twice that you can buy what you want and that I have no problem with that (And I still say it).

              BTW you just gave the answer yourself in your last post:
              “If a phone is a phone to you, then just get an Android phone and be happy”.

              Some people like iPhones for some technical specifications it has (Perfect)
              Some people like the iPhone because of the “status” (I don’t share that but OK… Why not)
              Some people like the iPhone because of brand fidelity (I don’t share that either but still OK)

              Apple makes money with the two last categories as these people are willing to pay for something “intangible”.

              If brand, status symbol or the functions specific to the iPhone are important for you and you think it’s worth the price you’re not an idiot. You just take what fits to you.

              If you don’t really care about the specific Apple ecosystem, have no brand fidelity, are not interested in the status symbol and look for specific functionalities given by “one phone whatever the brand is” you are most often better served with an Android phone.

              I don’t care people buy Apple, but it looks like Apple fanboys badly care about the fact not everyone buys their little baby.

  1. Why are these exploits found but they never really seem to have any impact on anyone. I’m waiting for the day that every android phone starts calling contacts or reboots or what ever these viruses are supposed to do but never really do. Can you imagine what the world would do if they really had issues with their Android phones. Until that day, these articles are absolutely worthless because they really don’t matter to anyone.

    1. Things are a bit more complicated than the over simplistic view spread over MDN.

      The Android securtiy model is not soooooo bad. I won’t explain it in length here but you can get a glance at it here (A bit outdated but still mostly valid):

      I would just add my personal view to it:

      What is the biggest weakness of Android (Its upgrade process) is at the same time a “not so bad” defense against malwares and viruses in general. It is much more complicated to develop an attack on products that have so many differences.

      Second, even if some attacks could be widespread IF users used side downloads instead of the playstore this doesn’t (mostly) happen for a very simple reason. WHEN an Android user wants to download an unofficial app he just changes the setting in his control panel, loads the app, and returns to “secured” installation. The completely locked architecture of iOS makes this impossible. To download apps outside the appstore you have to jailbreak your phone and use alternative stores also for legit applications (Which drastically improves the risk here).

      You also have the problem on iOS that showed up with Xcode. Even with “only” 20% of the market, the attack based on xCode is actually the largest know successful attack on mobile platform. The problem here is simple… Even if more complicated, once an attack went through the review process it touches much more users at once.

      I know that I’ll get downvoted to hell and accused of trolling but well… This is just how things are even if not everybody likes to hear it

  2. Last night, I had an Android user tell me that he doesn’t want an iPhone because “you have to pay to get software/security updates”.
    😂😂😂 Geez, these Android-peddling mall kiosk workers will tell you anything to make a sale!!!

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.