'Master key' to Android phones uncovered

[admin]

A "master key" that could give cyber-thieves unfettered access to almost any Android phone has been discovered by security research firm BlueBox.

The bug could be exploited to let an attacker do what they want to a phone including stealing data, eavesdropping or using it to send junk messages.

Read the rest of the post: http://www.bbc.co.uk/news/technology-23179522

 

[Genesis]

Glad they found it. Problem is, wonder how many people of the millions of android phones out there are aware of this as it probably needs an update or something. Guess automatic updates would be great for this kind of thing? Is it possible?

 

[PeaceSigns]

Amazing - I'm sure there must be a secret to use the factory defaults on phones to get access to someone's phone without needing to know their password.

 

[raksharqi]

I wonder why none of these problems occur in iOS and windows

 

[aleksikzoran]

That's why i stick to the iPhone.

 

[Khaleel78]

Dude, iPhone has had more security flaws than this one. Like how in the 6.1, all you had to do was eject the SIM card slot and itpress a few buttons and simple combination and you've unlocked the phone without entering the passcode.

And for windows, anyone can use OPHCrack liveCD and reveal or remove admin passwords.

So I think this isn't anywhere near the security flaws that Windows and Apple have on their respective systems.

 

[smalpierre]

All have their issues. Take this for example: http://www.scmagazineuk.com/exclusi...t-could-be-crashed-using-code/article/164395/

There's John the Ripper for Linux and OSX ... The only way to be totally secure is to not use the technology.

 

[T.Kawabata]

I think, about iOS, because it is controled by only Apple.
About Windows, because many people already take care the security for long time.
About Android, so many devices are in the world but not yet so many people taking care the security.

>>I wonder why none of these problems occur in iOS and windows

 

[GigaGreg]

I don't think that the update will be avaliable for older phones though. But that is a good share DJB.

 

[strokerace]

Its a marketing ploy.They tell you about a security issue. Then tell you that an update to fix this is only works on newer phones. So those with older phones think that they are going to get hacked, so they run out and buy a new phone.

As for Iphone, they are the worst for security issues. Every week they are sending out updates to fix security issues.
Window phones, well, its windows so it always have security issues.

 

[Genesis]

Its a marketing ploy.They tell you about a security issue. Then tell you that an update to fix this is only works on newer phones. So those with older phones think that they are going to get hacked, so they run out and buy a new phone.

You think this applies to Microsoft with Windows XP too? Selling Windows 7 at the time? Or was there a genuine issue about security?

What you say really resonated with me. As I get these hundreds of updates from Microsoft. One can check on the topics, but the topics don't always give the total story without going to their Website and trying to make sense out of the details. And I just learned that some of the recent Windows 7 updates from Microsoft have been to prepare our current Windows for getting Windows 10 Ads as soon as Windows 10 has been released. Looks as though we need a Windows BS Detector Website (maybe there is already one?) for checking up on updates from Windows and nixing the ones from Microsoft we don't want. But last I checked if one has automatic update activated. Getting rid of any of those updates ain't easy. :unknown:

 

[strokerace]

Xp was originally intended to spy on users.This was exposed a few months after the release XP. I was with the group that discovered that XP was backed door to the NSA. It was also part of the reason for SP1. After you installed SP1,the backdoor was closed and the memory usage was reduced. As time went on, the source code for windows XP and a few other windows was released to the public. So basically, XP was no longer profitable for MS. Then they released Vista, that was a cheap altered version of Win ME and an Apple/Linux look. M$ started to lose user to Apple and linux. Apple lowered their prices and changed their CPU to an Intel. So, M$ used security issues roll out an O/S.3% of the users wanted something different, so M$ listened. They came out win8, then 8.1 and now 10. All of them linux based with a windows flavor. All of them backed doored toNSA and each one designed to stop people from pirating software.

 

[Genesis]

They came out win8, then 8.1 and now 10. All of them linux based with a windows flavor. All of them backed doored toNSA and each one designed to stop people from pirating software.

So does this mean then that Microsoft is spying with win8, 8.1 and 10? And not with Windows 7?

 

[strokerace]

They are spying with them all

 

[Genesis]

They are spying with them all

And charging mega bucks for it too. :aggressive:

 

[_Hoh_]

People doesn't buy phones because they are secure, they buy them because they look nice, because it is fast or any other frivolous excuse.

So that is why we are so vulnerable, we need to demand more from builder companies.

 

[Genesis]

People doesn't buy phones because they are secure, they buy them because they look nice, because it is fast or any other frivolous excuse.

So that is why we are so vulnerable, we need to demand more from builder companies.

That's the reason I don't own a smart phone. I'd like one for fun, but the security angle of it gets to me. I heard that people can even listen in to your discussions in the room where you have your phone on you. I'm completely neurotic about my privacy and security. I know I'll probably have to get a smart phone one day as I'm getting behind in all the nice things it can do, but I'm hoping by the time I get on board they'll be more beefed up on security. For now I've got a simple phone that phones and makes text messages. No bluetooth or WiFi. Battery lasts for one week.

This is what it looks like:

 

[Hanzo]

If you want to have secured phone - you need to know how to "cook" your own ROM.

IMHO.

---

People doesn't buy phones because they are secure, they buy them because they look nice, because it is fast or any other frivolous excuse.
....
For now I've got a simple phone that phones and makes text messages. No bluetooth or WiFi. Battery lasts for one week.

I have a smartphone because I use most of it's functions.
Once fixed a forum from my HTC Universal.

 

[Figlet]

A note on security:

Every device/OS/chipset has vulnerabilities. The best way to use your devices securely is to lock down all unused functionality. I've only been on one computer system that I was unable to load testers and authentication hash zero attacks on, and it was locked down with unbreakable security policies, and the boot order was changed to HDD first, and the firmware was locked down. I would have to gain physical access to the guts of the system and actually initiate an alternative boot device by using a USB dongle for the hard drive just to enable the administrator account and zero the password hash.

Your devices are only as insecure as you allow them to be. The more you know!

 

[Genesis]

Your devices are only as insecure as you allow them to be. The more you know!

That's very true. I also apply the rule of locking down certain services when I don't use them, particularly WiFi. Strange that even if one doesn't use the WiFi, how much battery life it eats as well.