Taking a look back at seven days of news across the Android world, this week’s Android Circuit includes thoughts on the dangers of the Stagefright exploit and how to minimize the danger, Android’s poor ability to roll out security updates, leaked pictures of the Samsung Galaxy Note 5, the launch of the OnePlus, Motorola’s reveal of the latest Moto X and Moto G handsets, a wish for new battery technology, tablet marketshare numbers, a review of the Acer Flip Chromebook, and Samsung delivering the obvious in its new desktop monitor.Android Circuit is here to remind you of a few of the many things that have happened around Android in the last week
Android’s Most Dangerous Exploit Yet
The biggest news of the week in Android is simply called ‘stagefright’. These codes exploit can be used to take control of an Android device by sending it a malformed multimedia message. First reported to Google in April by Joshua Drake, Drake published a handful of details of the exploit ahead of presentations at Black Hat (August 5) and Def Con (August 7):As well as informing Google, Drake also supplied details on how to patch the exploit, and this is now present in Google’s code base for Android. Patches for Nexus devices are rolling out over-the-air next week.Zimperium zLabs VP of Platform Research and Exploitation, Joshua J. Drake (@jduck), dived into the deepest corners of Android code and discovered what we believe to be the worst Android vulnerabilities discovered to date. These issues in Stagefright code critically expose 95% of Android devices, an estimated 950 million devices. Drake’s research, to be presented at Black Hat USA on August 5 and DEF CON 23 on August 7 found multiple remote code execution vulnerabilities that can be exploited using various methods, the worst of which requires no user-interaction.Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited.
Nexus 6 (image: Google.com)
Stagefright Leverages Android’s Fatal Flaw
It’s nice to have it patched on a central server in Mountain View, but it doesn’t mean anything if the patch doesn’t get onto a user’s handsets. And that’s where it gets awkward. The Stagefright patch needs to be sent over the air, so it’s up to manufacturers and carriers to work alongside Google to deliver the update in a timely fashion. And right now that’s not happening:Given the flaw was reported to Google in April ahead of the presentations in August, there’s been more than enough time if the industry felt there was a need to rush. For some Android users, this lax attitude to security is the final straw. Lorenzo Franceschi-Bicchierai for Vice’s Motherboard:In broad strokes, manufacturers need to get the Android updates from Google, then these need to be applied to the manufacturer’s base version of Android, then it needs to be rolled out to each product line. Testing is a huge cost at this point, and many older handsets will simply not be deemed worthy of the effort, and will never see an update.After that, the changes need to go to the testing and certification process at the carriers, who will then determine when an update can be rolled out over the air.Assuming all of the above goes in a user’s favour, they can expect to see an update at some undisclosed time in the future.
In the meantime, users are advised to turn of the auto-downloading of media files in your MMS client. Twilio has details on where this option is in stock Android, and it’s in a similar place on other manufacturer’s handsets.This is the fundamental difference between Android and iPhone. When there’s a bug on iOS, Apple patches it and can push an update to all iPhone users as soon as it’s ready, no questions asked.When the same thing happens with Android, Google patches and then… god knows when the AT&Ts, Verizons, HTCs, and Sonys of the world will decide it’s important enough that they should care and send you the update with the patch (though to their credit, they’re starting to care, mostly because having an updated OS is now seen as a competitive advantage). Hell, even Google-owned Nexus phones, which the company has full control over, haven’t been patched for Stagefright yet.
Samsung Galaxy Note 5 Images Leak
The momentum behind the upcoming release of the Samsung Galaxy Note 5 is building. On the official side, journalists this week received an invitation to another ‘Samsung Unpacked’ event on August 13th (and the Forbes Tech team will be covering the event). On the unofficial side, photos of Samsung’s ‘other’ flagship device – the Galaxy Note 5 – have leaked. Jay McGregor notes the similarity to the new design language seen in the Galaxy Alpha and the Galaxy S6:What’s immediately clear is that the Note 5 is almost identical to the Galaxy S6, save for the S Pen. Everything else -the curved glass rear panel, the metal frame- echoes Samsung’s new premium design philosophy that it’s implementing across its range.
That likely puts paid to a replaceable battery, although MicroSD could still be squeezed into one of the spines. We’ll have all the details after the Unpacked event.
That said, unless you’re in North America or Asia you might not get the chance to buy the Note 5:
Giving the European market no choice but the ‘phablet’ version of the Galaxy S6 Edge feels like a… courageous choice. Presumably feedback and sales of the S6 Edge compared to the vanilla Galaxy S6 have played a part.Rumours have pointed towards both devices launching in different territories to avoid one’s sales cannibalising the other’s – as the S6 Edge did to the S6 (not to mention getting its device out early before Apple’s iPhone 6s). SamMobile reported earlier this month that the Galaxy S6 Edge+ will launch globally, with the Note 5 only (initially) launching in North America and Asia.
Credited: Forbes
0 comments:
Post a Comment