# The SBHonline Community Daily > Digerati Discussions! >  >  Major Flaw in Android phones

## andynap

*Major Flaw In Android Phones Would Let Hackers In With Just A Text**Android is the most popular mobile operating system on Earth: About 80 percent of smartphones run on it. And, according to mobile security experts at the firm Zimperium, there's a gaping hole in the software  one that would let hackers break into someone's phone and take over, just by knowing the phone's number.In this attack, the target would not need to goof up  open an attachment or download a file that's corrupt. The malicious code would take over instantly, the moment you receive a text message.
"This happens even before the sound that you've received a message has even occurred," says Joshua Drake, security researcher with Zimperium and co-author of Android Hacker's Handbook. "That's what makes it so dangerous. [It] could be absolutely silent. You may not even see anything."
Here's how the attack would work: The bad guy creates a short video, hides the malware inside it and texts it to your number. As soon as it's received by the phone, Drake says, "it does its initial processing, which triggers the vulnerability."
The messaging app Hangouts instantly processes videos, to keep them ready in the phone's gallery. That way the user doesn't have to waste time looking. But, Drake says, this setup invites the malware right in.
If you're using the phone's default messaging app, he explains, it's "a tiny bit less dangerous." You would have to view the text message before it processes the attachment. But, to be clear, "it does not require in either case for the targeted user to have to play back the media at all."
Once the attackers get in, Drake says, they'd be able do anything  copy data, delete it, take over your microphone and camera to monitor your every word and move. "It's really up to their imagination what they do once they get in," he says.
There's A Solution, In Theory
According to Zimperium, this set of vulnerabilities affects just about every active Android phone in use. Drake says he discovered it in his lab, and he does not believe that hackers out in the wild are exploiting it. At least not yet.
In correspondence in April and May, he shared his findings with Google, which makes the Android operating system. He even sent along patches to fix the bugs.
"Basically, within 48 hours I had an email telling me that they had accepted all of the patches I sent them, which was great," he says. "You know, that's a very good feeling."
But it goes away very quickly, he says, when you look at how long it'll take his Nexus, my Samsung Galaxy and your LG or ZTE to get those patches. Drake says that as few as 20 percent will get fixed, though the figure may be higher than that, "potentially up to the optimistic number of 50 percent."
Android Partnerships Are Complicated
Just half of affected smartphones is not a very optimistic estimate. And Google agrees with it.
The company declined a recorded interview. But Adrian Ludwig, the lead engineer for Android Security, told NPR the flaw ranks as "high" in their hierarchy of severity; and they've notified partners and already sent a fix to the smartphone makers who use Android.
Whether it gets put into people's phones is not in Google's hands.
Collin Mulliner, senior research scientist at Northeastern University, says, "In this case Google is not the actual one to blame. It's ultimately the manufacturer of your phone, in combination possibly with your carrier."
Android phones are very different from iPhones, for example. Apple runs a closed system. It controls the hardware and software, and it's fairly easy to ship out a major revamp. The company says 85 percent of iPhone users have the latest operating system, iOS8.
According to security firm F-Secure, 99 percent of mobile malware threats in the first quarter of 2014 were designed to run on Android devices.
Google gives its latest version of Android to manufacturers, who then tweak it as they please. Carriers like Verizon and T-Mobile do more tweaking. The blog Android Central has described the challenge of updating the operating system as an "impossible problem." Earlier this year, a hole discovered in the Web-browsing app was left largely unpatched too.
Often, Mulliner says, manufacturers don't have a financial incentive to fix phones already sold.
"If you can save money by not producing updates, you're not going to do that," he says. "Since the market is moving that fast, it sometimes doesn't make sense for the manufacturer to provide an update."
NPR has asked leading phone makers and wireless service providers whether they'll fix the bug. We're waiting for responses and will post them to this page.

*

----------


## JEK

*iOS 8 adoption bumps up to 81% with help of Apple Watch*

image: https://9to5mac.files.wordpress.com/...g?w=1408&h=844
*Update*: 82% as of May 13.
More than 7 months after its official release, iOS 8 has now passed 80% adoption as a version of Apples latest mobile operating system is running on 81% of active devices, according to Apples App Store Distribution data. The new data puts iOS 8 up two points since this time two weeks ago. The remaining devices include 17% running a version of iOS 7, which is where the upgrades came from, while 2% of devices measured have iOS 6 or earlier.

That compares to MixPanels data that puts iOS 7 adoption at around 91% during the same period last year; its current data for iOS 8 is just a couple points above Apples. The trend has been that iOS 8 has seen a slower climb compared to the year ago update adoption rate, with Apple releasing more point updates in recent months to address performance issues and deliver new features.
One version of iOS 8 specifically noted addressing an issue with over-the-air updates requiring less internal storage space, an issue that hurt some early adoption especially with 8GB and 16GB devices in the mix.
image: https://9to5mac.files.wordpress.com/...ng?w=500&h=686
In terms of features, Apple saved Apple Pay support for the iPhone 6 and 6 Plus as well as the iPad mini 3 and iPad Air 2 for iOS 8.1. The Apple Watch app appeared with iOS 8.2 while Apple added over 300 new emoji characters with iOS 8.3. A pre-release version of iOS 8.4 which includes an all-new Music app is currently being tested by developers and public beta users.
iOS 8.2 or later is also required for use with the Apple Watch.
As we reported earlier this year, Apple will largely focus on performance issues and stability with the next major release, iOS 9, which Apple is expected to preview in a few weeks at WWDC in early June where it will reveal the future of iOS and OS X.



Read more at http://9to5mac.com/2015/04/29/ios-8-...txRx6ORv30S.99

----------


## Jim Kelly-Evans

really disturbing news for Android users...no fix in sight

----------


## andynap

> really disturbing news for Android users...no fix in sight



You can do one of 2 things- one is to set your SMS App to Block unknown Senders. That will block everyone except your contacts. The 2nd one is to download a SMS blocking App. 
I also have Call Control that blocks all calls except from my contacts and sends them to voicemail.

----------


## Peter NJ

Thanks Andy I downloaded the blocking App hope it works for everyone

----------


## JEK

As long as none of your contacts had protected SMS. If they had unprotected SMS, you might be positive.

----------


## Petri

Get Textra for SMS/MMS.

"The Stagefright MMS exploit occurs when an SMS/MMS app creates the MMS video thumbnail in the conversation bubble or notification or the user plays the video or shares to the gallery.

We are working on a rock solid solution for 'StageFright' in Release 3.1 of Textra out this week."


I didn't like when Google combined Hangouts and text messages and have been using Textra since then (on Nexus 5).

----------

