ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Security: Stagefright Vulnerability (Android)

<< < (2/3) > >>

Tuxman:
People still use MMS?
Why?

Deozaan:
People still use MMS?
Why?
-Tuxman (July 30, 2015, 04:13 AM)
--- End quote ---

Because some people can't tell the difference between IM and texting in apps that handle both.

f0dder:
People still use MMS?
Why?-Tuxman (July 30, 2015, 04:13 AM)
--- End quote ---
Because it's a way to send/receive pictures for people who aren't on social media sites and don't use instant-messaging platforms?

Also, remember that just turning off MMS isn't enough to protect you from this exploit, it can be triggered in-browser as well. One of the worst exploits in a while...

mwb1100:
People still use MMS?
Why?
-Tuxman (July 30, 2015, 04:13 AM)
--- End quote ---

I'll admit that I have no idea.  I just press a icon when I want to send someone a message, type a few words in and press send.

I have no idea what technology might be used behind the scenes, and I don't really care to know. All I care about is that the message I send arrives on the phone of the user I sent it to.

Deozaan:
Stagefright is still a problem.

Stagefright was supposedly fixed, and even an app that detects whether or not your device is vulnerable will say you are not vulnerable, even if you are!

Emphasis added:

We notified Google of the issue on August 7th but have not had a reply to our query regarding their release of an updated fix. Due to this, as well as the following facts, we have decided to notify the public of our findings here on the Exodus Intelligence blog.


* The flaw was initially reported over 120 days ago to Google, which exceeds even their own 90-day disclosure deadline.
* The patch is 4 lines of code and was (presumably) reviewed by Google engineers prior to shipping. The public at large believes the current patch protects them when it in fact does not.
* The flaw affects an estimated 950 million Google customers.
* Despite our notification (and their confirmation), Google is still currently distributing the faulty patch to Android devices via OTA updates.
* There has been an inordinate amount of attention drawn to the bug–we believe we are likely not the only ones to have noticed it is flawed. Others may have malicious intentions.
* Google has not given us any indication of a timeline for correcting the faulty patch, despite our queries.
* The Stagefright Detector application released by Zimperium (the company behind the initial discovery) reports “Congratulations! Your device is not affected by vulnerabilities in Stagefright!” when in fact it is, leading to a false sense of security among users.-http://blog.exodusintel.com/2015/08/13/stagefright-mission-accomplished/
--- End quote ---

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version