[Beware] most Android phones being exploited

jseverson

hero member

Activity: 1834

Merit: 759

Quote from: finzyoj on October 06, 2019, 03:30:13 AM

This news made me realized that there are still advantages for having an outdated phone Cheesy

, probably I'll keep using it for the meantime or maybe search for a better brand.

I don't think there are any concrete advantages in using an old phone. If your phone isn't getting security updates anymore, you could be vulnerable to both old and new exploits. This particular vulnerability can be patched, for instance.

Quote from: AverageGlabella on October 06, 2019, 03:35:33 PM

The thing with phones separate from their kernel issue is you are downloading apps from the app store which could potentially infect your phone as well as usually requiring massive amounts of private/unneeded data from your phone.

It's not necessarily a kernel issue, as nothing is inherently wrong with them; it's an exploit. If you put things that way, PC isn't any more secure, with threats like malvertising requiring zero interaction from end users to infect. Knowing what to do and what not to do will protect you against most threats you're likely to face, regardless of the platform you're using.

AverageGlabella

legendary

Activity: 1232

Merit: 1080

This is one of the major reasons why I advise against storing Bitcoin on mobile phones. I would prefer people to use Windows over android/IOS. The thing with phones separate from their kernel issue is you are downloading apps from the app store which could potentially infect your phone as well as usually requiring massive amounts of private/unneeded data from your phone.

finzyoj

sr. member

Activity: 644

Merit: 255

CryptoTalk.Org - Get Paid for every Post!

@abel1337 and joniboni

I know that there are still models which are not affected but I can't help to not to think the possibility that those brands mentioned are now unsafe. I mean, if the bug or virus (or whatever it is) able to infiltrate the system of Redmi Note 5 then it's not impossible for Redmi Mi 9T to experience the same thing since they have the same manufacturer.

I am not very knowledgeable about gadgets and I also don't know if I'm making sense at all but what I'm sure is that I'm now losing interest to Xiaomi.

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

Quote from: joniboini on October 06, 2019, 06:53:17 AM

Updating the kernel would be the best choice. If your provider didn't provide an update for that, either you buy a new device or stop using Chromium if you're paranoid.

Fair point. Well, there is a way to prevent getting scam if your mobile device is in the list and all you have to do is never use that mobile device when accessing your wallet that can compromise your account. Don't use it for crypto purposes and not getting scammed because of a bug.

joniboini

legendary

Activity: 2170

Merit: 1789

Quote from: finzyoj on October 06, 2019, 03:30:13 AM

OMG! Honestly I'm planning to buy one of the Redmi Note series this upcoming December (just a Christmas gift for myself) if I am able to save sufficient money to buy one.

If you read it carefully, you'll know how to avoid the bug just in case there is no way to fix it. It's not like your phone will go nuts only because it has a buggy kernel.

Don't fall for the headline. It's misleading if you don't read the full news.

Quote from: peter0425 on October 05, 2019, 07:38:16 PM

Another thing since you have the list meaning other Android that wasn’t on the list are safe from this!?like lower models and higher?

Read the news, and you'll know the answer.

Quote from: rocku12345 on October 05, 2019, 10:18:31 AM

Will it be enough to download updated Chrome in future or I have to change my firmware/phone ? Google based browser has a good feature to connect passwords with many devices, but is it safe to use now before update, hmm.

Updating the kernel would be the best choice. If your provider didn't provide an update for that, either you buy a new device or stop using Chromium if you're paranoid.

abel1337

legendary

Activity: 2492

Merit: 1145

Enterapp Pre-Sale Live - bit.ly/3UrMCWI

Quote from: finzyoj on October 06, 2019, 03:30:13 AM

OMG! Honestly I'm planning to buy one of the Redmi Note series this upcoming December (just a Christmas gift for myself) if I am able to save sufficient money to buy one. But now, I'm hesitating whether I will buy even any of those Xiaomi smartphones or not. I really like Xiaomi because it was cheap with high quality — a true flagship killer, but if it could be a threat for my security then I'll pass.

This news made me realized that there are still advantages for having an outdated phone Cheesy

, probably I'll keep using it for the meantime or maybe search for a better brand.

This ain't gonna hinder you from buying those xiaomi phones, It's just better to avoid those model which is on the list. There are many xiaomi Redmi series that aren't included in the list.

As OP's statement said, Google releases a patch to the affected devices. The device on the list didn't receive any updates. I'm sure another xiaomi phone would not have this issue especially they are rising up and establishing their good reputation in the market.

This case can happen on most of the android devices, Just be careful on what you are browsing or downloading. As time passes the ethical way to hack the phones is getting stronger.

finzyoj

sr. member

Activity: 644

Merit: 255

CryptoTalk.Org - Get Paid for every Post!

OMG! Honestly I'm planning to buy one of the Redmi Note series this upcoming December (just a Christmas gift for myself) if I am able to save sufficient money to buy one. But now, I'm hesitating whether I will buy even any of those Xiaomi smartphones or not. I really like Xiaomi because it was cheap with high quality — a true flagship killer, but if it could be a threat for my security then I'll pass.

This news made me realized that there are still advantages for having an outdated phone Cheesy

, probably I'll keep using it for the meantime or maybe search for a better brand.

peter0425

sr. member

Activity: 2618

Merit: 439

Luckily I’m not android user lol 😂😂😂

But this will take effect to my sons Mobile so thanks for the sharing OP this is a big help as there’re lots of Android users worldwide

Another thing since you have the list meaning other Android that wasn’t on the list are safe from this!?like lower models and higher?

Velkro

legendary

Activity: 2296

Merit: 1014

Quote from: maxreish on October 04, 2019, 07:19:07 AM

Here are the affected Android Mobile Phone Models:

Pixel 1
Pixel 1 XL
Pixel 2
Pixel 2 XL
Huawei P20
Xiaomi Redmi 5A
Xiaomi Redmi Note 5
Xiaomi A1
Oppo A3
Moto Z3
Oreo LG phones
Samsung S7
Samsung S8
Samsung S9

This is big news and shows one more time that nobody should keep on mobile phone big amount of BTC.
Keeping crypto offline is the way to go, you must treat then physical security seriously rather than internet/computer security which is hard also but whole different topic.

Whatever you will chooose physical or internet security do it good, do not include mobile phone in this

rocku12345

hero member

Activity: 882

Merit: 518

Quote

AOSP Android kernel versions 3.18, 4.4 and 4.9

Only these versions of kernel are safe as I have understood from the link above. I still use my old LG G3s and seems it is a subject to be a bit worried. On stock firmware 5.02 i see Kernel version 3.40+... Will it be enough to download updated Chrome in future or I have to change my firmware/phone ? Google based browser has a good feature to connect passwords with many devices, but is it safe to use now before update, hmm.

hugeblack

legendary

Activity: 2688

Merit: 3983

Most of these vulnerabilities require additional components to work successfully, such as adding or connecting to a hard drive or installing/running a program.
So you will be safe as long as you save your phone in a safe place and did not download a lot of applications or applications that are not trusted the source.
Downloading apps from Google play doesn't mean it's safe + phones are not designed to be a permanent wallet/contain a lot of money "because they need to connect online a lot of times."

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: maxreish on October 04, 2019, 07:19:07 AM

Remember not to hastily download and install unnecessary and malicious apps from a third party app stores. Always think before you click.

It should be common practice to download apps only from Google Play Store, and to check all available information about apps we want to install. In most cases users can prevent any damage if they make small research and google key words.

It is bad for some users that patch for this exploit will not be available at all, or it will come with delay. This is reason to get some new model of phone, they get updates first. For example Huawei will update their smartphones with Android 10 in November 2019, starting with P30/pro, but some other Huawei models will get Android 10 in Q2 2020.

Personally, I prefer to keep as little confidential information as possible on my smartphone, no matter what, operating systems are like Swiss cheese - full of security holes waiting for someone to discover them.

akram143

full member

Activity: 1106

Merit: 166

★777Coin.com★ Fun BTC Casino!

Quote from: smyslov on October 04, 2019, 09:59:01 PM

Damn my phone is on the list I would l have to uninstall applications my son installed mostly gaming applications, since there is a warning sign, Google play store should do a lot of verification on what applications should be on their store, people downloading those applications will have a hard time discerning they only depend on reviews and some of these reviews are fake.

Play protect doesn't check all the concerns of their terms while apps updated,they will take a look into it only if they got some complaint from the users recently many most downloaded apps also removed from play store due to privacy issues so you need to careful while clicking the approval things of any apps your are going to install,if its asking for unnecessary things then uninstall it at the first step.

Mahanton

hero member

Activity: 2730

Merit: 632

Quote from: smyslov on October 04, 2019, 09:59:01 PM

Damn my phone is on the list I would l have to uninstall applications my son installed mostly gaming applications, since there is a warning sign, Google play store should do a lot of verification on what applications should be on their store, people downloading those applications will have a hard time discerning they only depend on reviews and some of these reviews are fake.

Not all on google playstore arent safe.Just take for example where it do ask out permissions of the app that can alter/modify/check your personal info and other things on your phone which is already worry some thing.Fake app reviews can easily be spotted out and anytime you do make downloads always check out their asked permissions and if you do find out
that it isnt necessary or already going overboard then better not to proceed on.

Quote from: nakamura12 on October 04, 2019, 04:33:59 PM

My phone is also not list and you are right we can't help but worrying about our phones. Even though some phones are not in the list that doesn't mean it can't be exploited by bugs. It could be possible but let's hope that it won't happen in other mobile devices just like what happens to those devices that are in the list.

Any device that do have internet connection would really be prone up to these hacks and exploits.So your self common sense would be a great weapon even we arent that tech savvy.

smyslov

sr. member

Activity: 2030

Merit: 269

Damn my phone is on the list I would l have to uninstall applications my son installed mostly gaming applications, since there is a warning sign, Google play store should do a lot of verification on what applications should be on their store, people downloading those applications will have a hard time discerning they only depend on reviews and some of these reviews are fake.

Bitcoin_Arena

copper member

Activity: 2114

Merit: 1814

฿itcoin for all, All for ฿itcoin.

That's quite sad. Imagine flagship phones backed by google also being in the same list. =This just goes to show you that no system is totally secure. There is always away hackers will find to access and attack it.

Also always installing security patch updates is very important in keeping one's device secure.

boyptc

hero member

Activity: 3024

Merit: 680

★Bitvest.io★ Play Plinko or Invest!

That gave me fear when I've seen 'android' however I've looked into the list and my phone's brand is there but luckily the model isn't there.

Although right now, I'm still not confident after seeing this news. Undecided

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

Quote from: Mahanton on October 04, 2019, 11:05:09 AM

A very serious bug we do have here knowing that past exploits towards Android OS does only mention on app access and getting some back door permissions but this one
can potentially to fully control ones device which is really very dangerous.Trying to look out on the list of Phones and luckily my Xaiomi Black shark isnt included but this is still worried some.For security purposes im not even doing mobile banking nor installing any crypto wallet on my phone due to this possible reason.

My phone is also not list and you are right we can't help but worrying about our phones. Even though some phones are not in the list that doesn't mean it can't be exploited by bugs. It could be possible but let's hope that it won't happen in other mobile devices just like what happens to those devices that are in the list.

prix

hero member

Activity: 750

Merit: 511

https://bugs.chromium.org/p/project-zero/issues/detail?id=1942

If I understand correctly, an additional application is required to operate the bug in the browser.
That is, only using the browser control can not be obtained. Correct if I'm wrong.

Mahanton

hero member

Activity: 2730

Merit: 632

Quote from: maxreish on October 04, 2019, 07:19:07 AM

The bug was discovered by the researcher (Masdie Stone of Project Zero), they have already reported it to the Android Security Team. The said "Zero-Day Vulnerability" will bind to the Android kernel's driver which the attackers will have an access and will fully control the device.

A very serious bug we do have here knowing that past exploits towards Android OS does only mention on app access and getting some back door permissions but this one
can potentially to fully control ones device which is really very dangerous.Trying to look out on the list of Phones and luckily my Xaiomi Black shark isnt included but this is still worried some.For security purposes im not even doing mobile banking nor installing any crypto wallet on my phone due to this possible reason.

Topic: [Beware] most Android phones being exploited (Read 363 times)