Author

Topic: [Beware] most Android phones being exploited (Read 364 times)

hero member
Activity: 1834
Merit: 759
October 06, 2019, 09:12:47 PM
#23
This news made me realized that there are still advantages for having an outdated phone Cheesy, probably I'll keep using it for the meantime or maybe search for a better brand.

I don't think there are any concrete advantages in using an old phone. If your phone isn't getting security updates anymore, you could be vulnerable to both old and new exploits. This particular vulnerability can be patched, for instance.

The thing with phones separate from their kernel issue is you are downloading apps from the app store which could potentially infect your phone as well as usually requiring massive amounts of private/unneeded data from your phone.

It's not necessarily a kernel issue, as nothing is inherently wrong with them; it's an exploit. If you put things that way, PC isn't any more secure, with threats like malvertising requiring zero interaction from end users to infect. Knowing what to do and what not to do will protect you against most threats you're likely to face, regardless of the platform you're using.
legendary
Activity: 1232
Merit: 1080
This is one of the major reasons why I advise against storing Bitcoin on mobile phones. I would prefer people to use Windows over android/IOS. The thing with phones separate from their kernel issue is you are downloading apps from the app store which could potentially infect your phone as well as usually requiring massive amounts of private/unneeded data from your phone.
sr. member
Activity: 644
Merit: 255
CryptoTalk.Org - Get Paid for every Post!
@abel1337 and joniboni

I know that there are still models which are not affected but I can't help to not to think the possibility that those brands mentioned are now unsafe. I mean, if the bug or virus (or whatever it is) able to infiltrate the system of Redmi Note 5 then it's not impossible for Redmi Mi 9T to experience the same thing since they have the same manufacturer.

I am not very knowledgeable about gadgets and I also don't know if I'm making sense at all but what I'm sure is that I'm now losing interest to Xiaomi.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
Updating the kernel would be the best choice. If your provider didn't provide an update for that, either you buy a new device or stop using Chromium if you're paranoid.
Fair point. Well, there is a way to prevent getting scam if your mobile device is in the list and all you have to do is never use that mobile device when accessing your wallet that can compromise your account. Don't use it for crypto purposes and not getting scammed because of a bug.
legendary
Activity: 2170
Merit: 1789
OMG! Honestly I'm planning to buy one of the Redmi Note series this upcoming December (just a Christmas gift for myself) if I am able to save sufficient money to buy one.

If you read it carefully, you'll know how to avoid the bug just in case there is no way to fix it. It's not like your phone will go nuts only because it has a buggy kernel.

Don't fall for the headline. It's misleading if you don't read the full news.

Another thing since you have the list meaning other Android that wasn’t on the list are safe from this!?like lower models and higher?

Read the news, and you'll know the answer.

Will it be enough to download updated Chrome in future or I have to change my firmware/phone ? Google based browser has a good feature to connect passwords with many devices, but is it safe to use now before update, hmm.

Updating the kernel would be the best choice. If your provider didn't provide an update for that, either you buy a new device or stop using Chromium if you're paranoid.
legendary
Activity: 2492
Merit: 1145
Enterapp Pre-Sale Live - bit.ly/3UrMCWI
OMG! Honestly I'm planning to buy one of the Redmi Note series this upcoming December (just a Christmas gift for myself) if I am able to save sufficient money to buy one. But now, I'm hesitating whether I will buy even any of those Xiaomi smartphones or not. I really like Xiaomi because it was cheap with high quality — a true flagship killer, but if it could be a threat for my security then I'll pass.

This news made me realized that there are still advantages for having an outdated phone Cheesy, probably I'll keep using it for the meantime or maybe search for a better brand.
This ain't gonna hinder you from buying those xiaomi phones, It's just better to avoid those model which is on the list. There are many xiaomi Redmi series that aren't included in the list.

As OP's statement said, Google releases a patch to the affected devices. The device on the list didn't receive any updates. I'm sure another xiaomi phone would not have this issue especially they are rising up and establishing their good reputation in the market.

This case can happen on most of the android devices, Just be careful on what you are browsing or downloading. As time passes the ethical way to hack the phones is getting stronger.
sr. member
Activity: 644
Merit: 255
CryptoTalk.Org - Get Paid for every Post!
OMG! Honestly I'm planning to buy one of the Redmi Note series this upcoming December (just a Christmas gift for myself) if I am able to save sufficient money to buy one. But now, I'm hesitating whether I will buy even any of those Xiaomi smartphones or not. I really like Xiaomi because it was cheap with high quality — a true flagship killer, but if it could be a threat for my security then I'll pass.

This news made me realized that there are still advantages for having an outdated phone Cheesy, probably I'll keep using it for the meantime or maybe search for a better brand.
sr. member
Activity: 2618
Merit: 439
Luckily I’m not android user lol 😂😂😂

But this will take effect to my sons Mobile so thanks for the sharing OP this is a big help as there’re lots of Android users worldwide

Another thing since you have the list meaning other Android that wasn’t on the list are safe from this!?like lower models and higher?
legendary
Activity: 2296
Merit: 1014
Here are the affected Android Mobile Phone Models:
  • Pixel 1
  • Pixel 1 XL
  • Pixel 2
  • Pixel 2 XL
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi  A1
  • Oppo A3
  • Moto Z3
  • Oreo LG phones
  • Samsung S7
  • Samsung S8
  • Samsung S9
This is big news and shows one more time that nobody should keep on mobile phone big amount of BTC.
Keeping crypto offline is the way to go, you must treat then physical security seriously rather than internet/computer security which is hard also but whole different topic.

Whatever you will chooose physical or internet security do it good, do not include mobile phone in this Smiley
hero member
Activity: 882
Merit: 518
Quote
AOSP Android kernel versions 3.18, 4.4 and 4.9
Only these versions of kernel are safe as I have understood from the link above. I still use my old LG G3s and seems it is a subject to be a bit worried. On stock firmware 5.02 i see Kernel version 3.40+... Will it be enough to download updated Chrome in future or I have to change my firmware/phone ? Google based browser has a good feature to connect passwords with many devices, but is it safe to use now before update, hmm.
legendary
Activity: 2702
Merit: 4002
Most of these vulnerabilities require additional components to work successfully, such as adding or connecting to a hard drive or installing/running a program.
So you will be safe as long as you save your phone in a safe place and did not download a lot of applications or applications that are not trusted the source.
Downloading apps from Google play doesn't mean it's safe + phones are not designed to be a permanent wallet/contain a lot of money "because they need to connect online a lot of times."
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Remember not to hastily download and install unnecessary and malicious apps from a third party app stores. Always think before you click.

It should be common practice to download apps only from Google Play Store, and to check all available information about apps we want to install. In most cases users can prevent any damage if they make small research and google key words.

It is bad for some users that patch for this exploit will not be available at all, or it will come with delay. This is reason to get some new model of phone, they get updates first. For example Huawei will update their smartphones with Android 10 in November 2019, starting with P30/pro, but some other Huawei models will get Android 10 in Q2 2020.

Personally, I prefer to keep as little confidential information as possible on my smartphone, no matter what, operating systems are like Swiss cheese - full of security holes waiting for someone to discover them.
full member
Activity: 1106
Merit: 166
★777Coin.com★ Fun BTC Casino!
Damn my phone is on the list I would l have to uninstall applications my son installed mostly gaming applications, since there is a warning sign, Google play store should do a lot of verification on what applications should be on their store, people downloading those applications will have a hard time discerning they only depend on reviews and some of these reviews are fake.
Play protect doesn't check all the concerns of their terms while apps updated,they will take a look into it only if they got some complaint from the users recently many most downloaded apps also removed from play store due to privacy issues so you need to careful while clicking the approval things of any apps your are going to install,if its asking for unnecessary things then uninstall it at the first step.
hero member
Activity: 2730
Merit: 632
Damn my phone is on the list I would l have to uninstall applications my son installed mostly gaming applications, since there is a warning sign, Google play store should do a lot of verification on what applications should be on their store, people downloading those applications will have a hard time discerning they only depend on reviews and some of these reviews are fake.

Not all on google playstore arent safe.Just take for example where it do ask out permissions of the app that can alter/modify/check your personal info and other things on your phone which is already worry some thing.Fake app reviews can easily be spotted out and anytime you do make downloads always check out their asked permissions and if you do find out
that it isnt necessary or already going overboard then better not to proceed on.

My phone is also not list and you are right we can't help but worrying about our phones. Even though some phones are not in the list that doesn't mean it can't be exploited by bugs. It could be possible but let's hope that it won't happen in other mobile devices just like what happens to those devices that are in the list.
Any device that do have internet connection would really be prone up to these hacks and exploits.So your self common sense would be a great weapon even we arent that tech savvy.
sr. member
Activity: 2030
Merit: 269
Damn my phone is on the list I would l have to uninstall applications my son installed mostly gaming applications, since there is a warning sign, Google play store should do a lot of verification on what applications should be on their store, people downloading those applications will have a hard time discerning they only depend on reviews and some of these reviews are fake.
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
That's quite sad. Imagine flagship phones backed by google also being in the same list. =This just goes to show you that no system is totally secure. There is always away hackers will find to access and attack it.

Also always installing security patch updates is very important in keeping one's device secure.
hero member
Activity: 3024
Merit: 680
★Bitvest.io★ Play Plinko or Invest!
That gave me fear when I've seen 'android' however I've looked into the list and my phone's brand is there but luckily the model isn't there.

Although right now, I'm still not confident after seeing this news.  Undecided
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
A very serious bug we do have here knowing that past exploits towards Android OS does only mention on app access and getting some back door permissions but this one
can potentially to fully control ones device which is really very dangerous.Trying to look out on the list of Phones and luckily my Xaiomi Black shark isnt included but this is still worried some.For security purposes im not even doing mobile banking nor installing any crypto wallet on my phone due to this possible reason.
My phone is also not list and you are right we can't help but worrying about our phones. Even though some phones are not in the list that doesn't mean it can't be exploited by bugs. It could be possible but let's hope that it won't happen in other mobile devices just like what happens to those devices that are in the list.
hero member
Activity: 750
Merit: 511
https://bugs.chromium.org/p/project-zero/issues/detail?id=1942

If I understand correctly, an additional application is required to operate the bug in the browser.
That is, only using the browser control can not be obtained. Correct if I'm wrong.

hero member
Activity: 2730
Merit: 632

The bug was discovered by the researcher (Masdie Stone of Project Zero), they have already reported it to the Android Security Team. The said "Zero-Day Vulnerability" will bind to the Android kernel's driver which the attackers will have an access and will fully control the device.

A very serious bug we do have here knowing that past exploits towards Android OS does only mention on app access and getting some back door permissions but this one
can potentially to fully control ones device which is really very dangerous.Trying to look out on the list of Phones and luckily my Xaiomi Black shark isnt included but this is still worried some.For security purposes im not even doing mobile banking nor installing any crypto wallet on my phone due to this possible reason.
legendary
Activity: 2744
Merit: 1708
First 100% Liquid Stablecoin Backed by Gold
Samsung S10 and Note 10 are not on the list. That's good if you're on the latest phone...

But all other models like Samsung S7, Samsung S8, Samsung S9 are, which is scary enough and for sure, if not already then in the near future S10 and other newer models will be hacked soon (if not already  Wink). It is of course very logical that all older models are already worked out, and newer ones are waiting in line. There is only a small percentage of new models compared to all models from recent years. It is much more profitable for hackers to work on older devices, because they have a lot more users, and thus potential victims and profits for them.

For some time now, I am thinking of buying a new phone, because we have such times that without a decent smartphone it is impossible to function normally.
I was looking for some really safe model for a long time and even set up threads in my local section, where I discussed with other Bitcointalk users this topic.
Unfortunately, today I still have my old phone, because there is no secure smartphone yet developed and this vulnerability only confirms my statement.
newbie
Activity: 27
Merit: 27
Samsung S10 and Note 10 are not on the list. That's good if you're on the latest phone. And it says Chrome or Chromium.

Another reason for you to download a different browser and use that by default, like Firefox for Android, or Firefox Focus. I'm not sure what renderer the Samsung Internet web browser uses.
sr. member
Activity: 1330
Merit: 326

The most widely used mobile operating system Android is facing an issue regarding the affected Android phones being exploited.

The bug was discovered by the researcher (Masdie Stone of Project Zero), they have already reported it to the Android Security Team. The said "Zero-Day Vulnerability" will bind to the Android kernel's driver which the attackers will have an access and will fully control the device.

Here are the affected Android Mobile Phone Models:
  • Pixel 1
  • Pixel 1 XL
  • Pixel 2
  • Pixel 2 XL
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi  A1
  • Oppo A3
  • Moto Z3
  • Oreo LG phones
  • Samsung S7
  • Samsung S8
  • Samsung S9

It was said that it can be work;
- by accessing it inside the Chrome Sandbox
-And it can be exploited remotely by combining it with a separate chrome rendering flaw.

However, there is possible solution to this.
Google will release a "PATCH" this October in most affected devices. Sadly, certain devices that are affected will not likely receive the said patch immediately aside from Google. Picel 1 and 2.

Remember not to hastily download and install unnecessary and malicious apps from a third party app stores. Always think before you click.

A full detail is available here.
Jump to: