topic Re: Tech News : Android Fake ID bug exposes smartphones and tablets in Off-Topic

Tech News : Android Fake ID bug exposes smartphones and tablets

Anonymous — Tue, 29 Jul 2014 17:17:42 GMT

Headline : Android Fake ID bug exposes smartphones and tablets.

"An Android flaw has been uncovered that lets malware insert malicious code into other apps, gain access to the user's credit card data and take control of the device's settings.

BlueBox Labs said it was particularly concerning as phone and tablet owners did not need to grant the malware special permissions for it to act."

My thoughts :

Thought I'd add this to the forum as a heads up.

Source : BBC News
Read more here : http://www.bbc.co.uk/news/technology-28544443

Re: Tech News : Android Fake ID bug exposes smartphones and tablets

Anonymous — Tue, 29 Jul 2014 18:43:10 GMT

Have Android devices on O2 recieved a recent update that would patch against this vulnerability?

Possibly one for @Toby or @Chris_K ?

Re: Tech News : Android Fake ID bug exposes smartphones and tablets

Anonymous — Tue, 29 Jul 2014 18:46:01 GMT

Google have released a patch to close the vulnerability but I understand it is with the manufacturers now to update devices and push it out.

Of course for locked phones that will show things down further.

This is a weak point with Android. At least with Apple they keep control and push updates out to devices bypassing the networks to a degree.

Re: Tech News : Android Fake ID bug exposes smartphones and tablets

Anonymous — Tue, 29 Jul 2014 18:52:41 GMT

@Anonymous wrote:

At least with Apple they keep control and push updates out to devices bypassing the networks to a degree.

That is literally the only thing I wish other manufacturers could do that Apple already utilise.

Re: Tech News : Android Fake ID bug exposes smartphones and tablets

anticpated — Tue, 29 Jul 2014 20:00:17 GMT

The largest issue is that Google will only push relevant security updates to currently popular versions of it's Android OS. And don't forget OEM developers will add their own level security into their custom version, so LG, Samsung and HTC should be patched by now in 4.3 to the current 4.4.4 builds.

OEM developers whom have ceased updating firmware on older telephones won't patch it.

Google might in their Nexus range, however there is far less fragmentation in the OS share there anyway. If you don't fully trust an application or have no clue what you're doing, then maybe you shouldn't be using an Android mobile/tablet.

To be fair, people will always use cheap and nasty tricks to exploit people.

Re: Tech News : Android Fake ID bug exposes smartphones and tablets

Anonymous — Wed, 30 Jul 2014 07:42:49 GMT

To counteract the media scare mongering around this, I found this article to be quite good:

http://www.androidcentral.com/fake-id-and-android-security-updated

Yes the bug is an issue, but Google have known about it since April and have already patched it. The article also points out that the LG G3, HTC One M8 and Samsung Galaxy S5 are already updated with this. Also, Google have updated Google Play and Verify Apps to protect users (which helps with regards to phones no longer being updated, as these are done independently of the OS), and they have found no apps in their store that attempt to use this vulnerability.

So, stick to installing apps from Google Play and be aware of what you're installing I guess is the moral of this story.

Re: Tech News : Android Fake ID bug exposes smartphones and tablets

Toby — Wed, 30 Jul 2014 09:09:18 GMT

Hi Papa, I'll see if there is any info on this for you.

Re: Tech News : Android Fake ID bug exposes smartphones and tablets

Anonymous — Wed, 30 Jul 2014 11:08:58 GMT

Have you seen this guy's opinion?

http://www.osnews.com/story/27868/Another_day_another_sensationalist_unfounded_security_story

Re: Tech News : Android Fake ID bug exposes smartphones and tablets

Anonymous — Wed, 30 Jul 2014 11:20:28 GMT

Awesome @Anonymous

I have checked my Android device and see that Verify Apps is already running so I feel fairly secure.

Thank you for the updates

Re: Tech News : Android Fake ID bug exposes smartphones and tablets

jonsie — Wed, 30 Jul 2014 11:27:49 GMT

Fear, uncertainty and doubt just about sums up the aim of the spreading of these stories and the ultimate end result of selling antivirus apps.

Re: Tech News : Android Fake ID bug exposes smartphones and tablets

Anonymous — Wed, 30 Jul 2014 12:15:27 GMT

Generally these security scare stories are just that. It's good to know when a vulnerability is found, but tech sites (and general news sites as well) really need to ensure they explain the issue(s) completely...

Re: Tech News : Android Fake ID bug exposes smartphones and tablets

Anonymous — Wed, 30 Jul 2014 12:17:06 GMT

I agree in most cases.

However these info needs to be known in many cases.

Knowledge is power.

Re: Tech News : Android Fake ID bug exposes smartphones and tablets

Anonymous — Wed, 30 Jul 2014 12:39:47 GMT

Absolutely, the more people know about these issues/bugs etc, the more likely they'll be fixed quickly (and hopefully in the process another bug won't be introduced! )

Re: Tech News : Android Fake ID bug exposes smartphones and tablets

anticpated — Wed, 30 Jul 2014 12:53:31 GMT

I think the terms 'hack' and 'bug' get thrown about coloquially by the media. Firstly 'hacking' in information technology terms refers to the unauthorised access to data stored on an individuals or companies electronic device - not a quick fix and methodology to make your life easier.

A 'bug' refers to a software glitch which is either minor and affects the operation of the said software or it's exploitable so therefore makes it a security risk. Malware is not a bug, it's a serious crime when used by career criminals.

I wish these so-called tech media wouldn't simplify things to the extent that things get taken out of context. Just like that GCHQ bug where they monitor everyone's data.

I'll get of my high-horse now.