Taking a look back at Seven Days of news across the Android world, this week’s Android Circuit includes thoughts on the dangers of the Stagefright exploit and how to minimize the danger, Android’s poor portability to roll out security updates, leaked pictures of the Samsung Galaxy Note 5, the launch of the OnePlus, Motorola’s reveal of the latest Moto X and Moto G handsets, a wish for new battery technology, tablet marketshare numbers, a review of the Acer Flip Chromebook, and Samsung delivering the obvious in its new desktop monitor.
Android Circuit is here to remind you of a few of the many things thathave Happened around Android in the last week (and You Can Find The Weekly Apple News Digest here).
Android’s Most Dangerous Exploit Yet
The biggest news of the week in the Android is simply called ‘stagefright’. These codes exploit can be used to take control of an Android device by sending it a malformed multimedia message. First reported to Google in April by Joshua Drake, Drake published a handful of details of the exploit ahead of presentations at Black Hat (August 5) and Def Con (August 7):
Zimperium zLabs VP of Platform Research and Exploitation, Joshua J. Drake (jduck), dived into the deepest corners of the Android code and discovered what we believe to be the worst Android vulnerabilities discovered to date. These issues in Stagefright code Critically expose 95% of Android devices, an Estimated 950 million devices. Drake’s research, to be presented at Black Hat USA on August 5 and DEF CON 23 on August 7 found Multiple Remote Code Execution Vulnerabilities That Can Be Exploited using various methods, the worst of Which requires no user-interaction.
Attackers only need your mobile number, using Which They can remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack Could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous Because They do not Require That the victim take any action to be exploited.
As well as Informing Google, Drake overpriced Supplied details on how to patch the exploit, and this is now presented in Google’s codebase for Android. Patches Nexus devices are rolling out over-the-air next week.
Nexus 6 (image: Google.com)
Stagefright leverages Android’s Fatal Flaw
It’s nice to have it patched on a central server in Mountain View, but it does not mean anything if the patch does not get onto a user’s handsets. And that’s where it gets awkward. The Stagefright patch needs to be sent over the air, so it’s up to manufacturers and carriers to work alongside Google to deliver the update in a timely fashion. And right now that’s not happening:
In Broad Strokes, manufacturers need to get the Android updates from Google, then These Need to be applied to the manufacturer’s base version of Android, then it Needs to be rolled out to each productline. Testing is a huge cost at this point, and many older handsets will simply not be deemed worthy of the effort, and will never see an update.
After That, the changes need to go to the Testing and Certification process at the carriers, who will then DETERMINE When an update can be rolled out over the air.
Assuming all of the above goes into a user’s favor, They can expect to see an update at some undisclosed time in the future.
Given the flaw was reported to Google in April ahead of the presentation in August, there’s been more than enough time if the industry felt there was a need to rush. For some Android users, this salmon attitude to security is the final straw. Lorenzo Franceschi-Bicchierai for Vice’s Motherboard:
This is the fundamental difference between Android and iPhone. When there’s a bug on iOS, Apple patches it and can push an update to all iPhone users as soon as it’s ready, no questions asked.
When the samething happens with Android, Google patches and then … good Knows When The AT & amp; T’s, Verizon, HTC, and Sony of the World Will Decide it’s important enough That They Should Care and send you the update with the patch (though to Their credit, they’re starting to care, Mostly Because having an updated OS is now seen as a competitive advantage). Hell, even Google-owned Nexus phones, Which the company HAS fullcontrol over, have not been patched for Stagefright yet.
In the meantime, users are advised to turn of the auto- downloading of media files in your MMS client. Twilio HAS details on where this option is in stock Android, and it’s in a similar place on other manufacturer’s handsets.
Samsung Galaxy Note 5 Images Leak
The momentum behind the upcoming release of the Samsung Galaxy Note 5 ice building. On the official side, journalist this week received an invitation to another ‘Samsung Unpacked “event on August 13th (and the Forbes Tech team will be covering the event). On the unofficial side, photos of Samsung’s ‘other’ flagship device – the Galaxy Note 5 – have leaked. Jay McGregor notes the similarity to the new design language seen in the Galaxy Alpha and the Galaxy S6:
What’s avatars clear Is that the Note 5 is almost Identical to the Galaxy S6 , save for the S Pen. Everything else -the curved glass rear panel, the metal frame- echoes Samsung’s new premium design philosophy That it’s Implementing across its range.
That likely plastering paid to a replaceable battery, although MicroSD Could Still ask squeezed into one of the spines. We’ll have all the details after the Unpacked event.
That said, unless you’re in North America or Asia you might not get the chance to buy the Note 5:
Rumours have pointed towards bothering devices launching in different territories to avoid one’s sales cannibalising The Other’s – as the S6 Edge did to the S6 (Not to mention getting its device out early before Apple’s iPhone 6s). SamMobile reported EARLIER thismonth That the Galaxy S6 Edge + will launch globally, with the Note 5 only (INITIALLY) launching in North America and Asia.
Giving the European Market No Choice But the ‘phablet ‘version of the Galaxy S6 Edge feels like a … courageous choice. Presumably feedback and sales of the S6 Edge Compared to the vanilla Galaxy S6 have played a party.
No comments:
Post a Comment