Related
Just curiosity: Are people that are reporting "bugs" (though to me it sounds like apps that need to be updated for full compatibility with Froyo) running the OTA updated 2.2, or manually updated 2.2?
Edit: Changed name to Froyo(HACK) as recommended by someone since no one seems to be running a genuine OTA updated Froyo
Manually-updated using the official signed update from Google, for me. I don't have most of the bugs that have been reported here; the only one I'm currently aware of is that two applications I updated via the market this morning are no longer shown in the "Downloads" list, although they are labeled as "installed" when I search for them in the market. Other than that, no problems here.
crackness said:
Just curiosity: Are people that are reporting "bugs" (though to me it sounds like apps that need to be updated for full compatibility with Froyo) running the OTA updated 2.2, or manually updated 2.2?
Click to expand...
Click to collapse
No one on the entirety of XDA has upgraded via the OTA update. Everyone hacked.
(The OTA was press-only for people who attended Google I/O.)
Paul22000 said:
No one on the entirety of XDA has upgraded via the OTA update. Everyone hacked.
(The OTA was press-only for people who attended Google I/O.)
Click to expand...
Click to collapse
Ahhh.... I thought that was only speculation :/
/trying my hardest not to ***** and moan...
Paul22000 said:
No one on the entirety of XDA has upgraded via the OTA update. Everyone hacked.
(The OTA was press-only for people who attended Google I/O.)
Click to expand...
Click to collapse
Exactly.. About time more people acknowledged this.
logger said:
Exactly.. About time more people acknowledged this.
Click to expand...
Click to collapse
I understand what you're saying.
However Google have released an OTA update to the MEDIA!
They'll grab this with both hands and show how the NEW messiah has fallen over again and how we should have all bought iPhones.....
I do believe this Froyo is HIGHLY unpolished and very dissapointing. It should have been released when it was fully ready.
I'm desperately trying to get back to CM but it seems to have screwed my phone and I'm stuck........
wmm said:
Manually-updated using the official signed update from Google, for me. I don't have most of the bugs that have been reported here; the only one I'm currently aware of is that two applications I updated via the market this morning are no longer shown in the "Downloads" list, although they are labeled as "installed" when I search for them in the market. Other than that, no problems here.
Click to expand...
Click to collapse
The market problem has a fix in this thread:
http://forum.xda-developers.com/showthread.php?p=6572697#post6572697
google needs to provide an official fix for the issue so we don't have to use the hack one
punk4bc said:
The market problem has a fix in this thread...google needs to provide an official fix for the issue so we don't have to use the hack one
Click to expand...
Click to collapse
yoo mean a hack for a hack
I think I'll just wait for the official Google OTA.
Good thing that people around here are chasing up all the last minute bugs for Google though. I am sure they would prefer to see them now rather than after releasing it to the general public.
logger said:
yoo mean a hack for a hack
I think I'll just wait for the official Google OTA.
Good thing that people around here are chasing up all the last minute bugs for Google though. I am sure they would prefer to see them now rather than after releasing it to the general public.
Click to expand...
Click to collapse
good point lol
I'm waiting for the official Google too
Yeah I updated with Paul's version and I would have stayed on froyo but having annoying camera bugs.
I dont think Google meant this as an actual release since you Market isn't allowing protected apps etc with the froyo fingerprint. etc.
So i'm back on Cyan and all is well with the world.
I did however keep the newer radio to test it out.
It would be great if someone around here could change EVERY thread title that mentions this version to FROYOHACK so that once the real official one is released, we dont have to wade through all this pre-release BS. I know it is not possible but just thought.
What were your camera bugs?
I did Paul's too and mine worked 100%. Still have the new radio and according to speed tests it is doing better than the old one
punk4bc said:
What were your camera bugs?
I did Paul's too and mine worked 100%. Still have the new radio and according to speed tests it is doing better than the old one
Click to expand...
Click to collapse
I've posted it in the general forum. QIK app didn't work and if you use the stock camera app and slide to the camcorder then BACK to the camera, N1 would crash.
I posted the logcat and it appears there are some incompatibilities somewhere deep. I tried every kind of wipe and 'band-aid' that I could to get it working and failed miserably.
But I figured since i'm on an AT&T N1 that this release wasn't intended for me and there must be some kind of subtle differences.
*shrug* we'll see.
wmm said:
Manually-updated using the official signed update from Google, for me. I don't have most of the bugs that have been reported here; the only one I'm currently aware of is that two applications I updated via the market this morning are no longer shown in the "Downloads" list, although they are labeled as "installed" when I search for them in the market. Other than that, no problems here.
Click to expand...
Click to collapse
One thing I have learn is a app has a widget and it is moved to the sdcard it will show install but not show. I moved these to the phone and they show now.
logger said:
It would be great if someone around here could change EVERY thread title that mentions this version to FROYOHACK so that once the real official one is released, we dont have to wade through all this pre-release BS. I know it is not possible but just thought.
Click to expand...
Click to collapse
Hey thanks MOD (or whoever did it) for renaming the thread. Excellent Job...
I don't know if it's a bug, but I can't find FM radio anywhere... and I believe it was announced.
logger said:
Hey thanks MOD (or whoever did it) for renaming the thread. Excellent Job...
Click to expand...
Click to collapse
Hah, as OP, I changed it. I didn't realize (though I had read it somewhere else) that the only people who got the OTA update were press/developers who went to I/O.
FOR THOSE JUST READING NOW: According to Paul (and where ever else I read online), anyone else with Froyo updated manually, so take current issues with a grain of salt.
Deusdies said:
I don't know if it's a bug, but I can't find FM radio anywhere... and I believe it was announced.
Click to expand...
Click to collapse
The FM radio stuff was never announced OFFICIALLY. I do remember it being something rumored, but I don't ever remember Google saying it was an addition to Froyo. AND, even if it was announced, read my reiteration above about no normal consumers having the Official OTA update to Froyo.
ibegary said:
I've posted it in the general forum. QIK app didn't work and if you use the stock camera app and slide to the camcorder then BACK to the camera, N1 would crash.
I posted the logcat and it appears there are some incompatibilities somewhere deep. I tried every kind of wipe and 'band-aid' that I could to get it working and failed miserably.
But I figured since i'm on an AT&T N1 that this release wasn't intended for me and there must be some kind of subtle differences.
*shrug* we'll see.
Click to expand...
Click to collapse
I running Froyo on the AT&T Nexus on Telus here in Canada and so far I am having no issues, maybe some app that you installed is causing the crash...weird tho.
crackness said:
Hah, as OP, I changed it. I didn't realize (though I had read it somewhere else) that the only people who got the OTA update were press/developers who went to I/O.
FOR THOSE JUST READING NOW: According to Paul (and where ever else I read online), anyone else with Froyo updated manually, so take current issues with a grain of salt.
Click to expand...
Click to collapse
Sort of ironic now, that people will avoid this thread in favour of ones without HACK in the title, as they will not want to accept that they have a hacked version on their device You cant win I guess.
For those who were using any storm8 game when u had stock 2.1, then updated to any leaks, you might have noticed that all those games stopped working.
Just updated to the OTA and now all of a sudden, the apps work, im no longer stuck at the login screen even if username and password are correct and resulted in login failures.
Since we don't have insanely good games like on the iPhones, this makes due til the android market beefs up with better games.
Sent from my DROIDX using XDA App
I never noticed problems with Kingdoms Live. I only ran the first 2.2 leak, though.
I have this exact issue. The reply from Strom8 is below:
Storm8 Support said:
Hi John,
It's the specific implementation of 2.2 on the phone. Instead of generating a unique ANDROID_ID when the device is first run or factory reset (the intended behavior), it uses a predefined ANDROID_ID for every phone with the same implementation. Addressing this ought to allow for normal gameplay.
Yours,
Storm8 Support Fox
Click to expand...
Click to collapse
Hopefully what you are saying about the OTA update fixing it means there is hope. Unfortunately for me as a T-mobile users I am not going to hold my breath waiting for the OTA of 2.2 on my Vibrant. It was promised months ago and actually getting is is still not something I see happening soon.
Hey Xoomers! It appears that wifi-only xoom owners are also having the updates pushed to their tabs also! I have not received it yet, but be patient, looks like all Xooms are being updated!
https://supportforums.motorola.com/message/380602#380602
could be an accident. looks like people over there are getting silenced about the update
From the sounds of it, this was meant to go out to their preview members only. I guess someone jumped the gun and didn't bother to let them know they weren't supposed to talk about it.
Which is only a guess, since the corporate rep on the forums has been very vague - only a single post with a "maybe" and then a bunch of posts insisting that people who have stated they got an update check their email.
I wonder if Motorola has really internalized the fact that there are, like, four or five other vendors for these tablets coming out in the next few months - many of them with very, very similar hardware. Not communicating with their tech-savvy audience seems like a poor way to convince people to recommend their tablet over others.
They need to share this ****!!!
Sent from my 4G LTE Thunderbolt using XDA Premium
i got the update on my WIFI ONLY xoom i tried installing it it crashed on the android with exclamation mark, so i restarted and its back on 3.0.1 and says its up to date
DAMMIT
not only in usa
also reported in my country
Seems moto launch a experiment
This is pretty disappointing. The update obviously exists and works on the wifi xoom but google won't release it yet probably just to make Verizon happy.
Are people really going to go out and buy 3g xooms just because the update on Verizon came first.
SS2006 said:
i got the update on my WIFI ONLY xoom i tried installing it it crashed on the android with exclamation mark, so i restarted and its back on 3.0.1 and says its up to date
DAMMIT
Click to expand...
Click to collapse
Same happened to me...
My wife's stock US wifi xoom (purchased 1 week ago) got the update last night. My rooted wifi xoom (purchased shortly after launch) hasn't received it yet.
machupo75 said:
My wife's stock US wifi xoom (purchased 1 week ago) got the update last night. My rooted wifi xoom (purchased shortly after launch) hasn't received it yet.
Click to expand...
Click to collapse
Hmm Being in Denmark and having purchased a US Xoom Wifi I wonder what to do. (Stock 3.0)
So I did the following ...
Added a VPN tunnel to USA. (had previosly brought VPN access)
Set the date 1 day back, to let the Xoom look for updates.
" no cigar! "
Set the date 1 day forward (today´s date)
Still no luck -
I wonder if the update is really rolling out
Can Anyone confirm Xoom Wifi is really getting 3.1 right now ?
Is there Anyway to "push" it - (besides the date change procedure)
Have a good one
Mike -
mkrogh65 said:
Hmm Being in Denmark and having purchased a US Xoom Wifi I wonder what to do. (Stock 3.0)
So I did the following ...
Added a VPN tunnel to USA. (had previosly brought VPN access)
Set the date 1 day back, to let the Xoom look for updates.
" no cigar! "
Set the date 1 day forward (today´s date)
Still no luck -
I wonder if the update is really rolling out
Can Anyone confirm Xoom Wifi is really getting 3.1 right now ?
Is there Anyway to "push" it - (besides the date change procedure)
Have a good one
Mike -
Click to expand...
Click to collapse
I also have a US WIFI only Xoom in Europe and i'm impatient
I downloaded the update from development forum, made a host USB cable and updated my Xoom manually.
I must say that everything that i hoped for is fixed in 3.1, so i'm really pleased with my Xoom now.
poisike said:
I also have a US WIFI only Xoom in Europe and i'm impatient
I downloaded the update from development forum, made a host USB cable and updated my Xoom manually.
I must say that everything that i hoped for is fixed in 3.1, so i'm really pleased with my Xoom now.
Click to expand...
Click to collapse
ya - I read about the procedure.
I dont think ill root my Xoom, even though my phone is (SGS I9000)
But is it possible to do without rooting the Xoom ?
Could you please provide link from the post you followed ?
Mike
mkrogh65 said:
ya - I read about the procedure.
I dont think ill root my Xoom, even though my phone is (SGS I9000)
But is it possible to do without rooting the Xoom ?
Could you please provide link from the post you followed ?
Mike
Click to expand...
Click to collapse
You don't need root, my Xoom was stock before and is stock now.
Check http://forum.xda-developers.com/showpost.php?p=13679173&postcount=110
poisike said:
I also have a US WIFI only Xoom in Europe and i'm impatient
I downloaded the update from development forum, made a host USB cable and updated my Xoom manually.
I must say that everything that i hoped for is fixed in 3.1, so i'm really pleased with my Xoom now.
Click to expand...
Click to collapse
I'd also like to hear more about your update experience and see how you made a usb host cable.
Will probably require a new thread.
SnakeManJayd said:
I'd also like to hear more about your update experience and see how you made a usb host cable.
Will probably require a new thread.
Click to expand...
Click to collapse
Read the Guide thread, all information is there, including a link to how to make a host cable. If something is still unclear, then just ask.
Not according to my conversation with Motorola today. Can you buy a wi-fi only from Verizon? Just wondering if those are still branded differently and that's why they're getting updates.
For now 32GB is plenty for me so I'm not exactly screaming for the SD card update. But I will be a little disappointed if I have to wait weeks for my update when Verizon got theirs already. There were several items in the list below that I was really hoping to take advantage of. I'm not exactly crying over the update just yet though, because I'd rather do the official OTA update than download directly like others have been doing. However, I will pre-qualify all this with...the rep I spoke with didn't seem to be the most knowlegable and appeared to be reading from a script based on the responses I was given to some other questions I asked. So take this with a grain of salt.
Ann: Motorola XOOM with Wi-Fi tablets and other variants of Motorola XOOM will receive the update within the next several weeks.
frost: will this update include the sd card support?
Ann: It does not.
frost: will that fix be implemented any time in the near future?
Ann: It's enhancements are:
● Enables movie services including Android Market Movie Rental via full HDCP / DRM support
● Enables support for full Adobe Flash 10.2 release
● Picture Transfer Protocol Feature Support
● Bluetooth(R) support in Gtalk
● Bluetooth(R) mouse support along with further Bluetooth(R) headset support
● Adding Proxy support for Wi-Fi network
● Resizable widgets
● Additional shortcut key support for Bluetooth keyboard
Ann: Yes. A future software upgrade will enable the SD card.
So I've changed my Date & Time and still haven't recieved my 3.1 Update for my Wifi Xoom.
Any suggestions....???? (Besides being patient...... just can't do that....)
Coldheat1906 said:
So I've changed my Date & Time and still haven't recieved my 3.1 Update for my Wifi Xoom.
Any suggestions....???? (Besides being patient...... just can't do that....)
Click to expand...
Click to collapse
A time machine, it's the only way.
poisike said:
You don't need root, my Xoom was stock before and is stock now.
Check http://forum.xda-developers.com/showpost.php?p=13679173&postcount=110
Click to expand...
Click to collapse
Hey - Tnx Man XD
Mike -
Elysian893 said:
A time machine, it's the only way.
Click to expand...
Click to collapse
Got to be another way....
Has anyone else with a Wifi model got there update today?
Unreal,
Read it here........
http://www.businessinsider.com/unpa...ung-smartphones-risk-hacking-nowsecure-2015-6
CC
cc999 said:
Unreal,
Read it here........
http://www.businessinsider.com/unpa...ung-smartphones-risk-hacking-nowsecure-2015-6
CC
Click to expand...
Click to collapse
From what I understand it has to be done on an unsecured network and has to be at the exact same time as you update the app. Making it next to impossible as a hacker would have to know your updating habits!
Sent from my SM-G920I using Tapatalk
Even with 600 million devices at risk, the chances that this exploit could ever be used is minimal because as mentioned above it required someone to do some pretty unlikely things on a network with a hacker
You guys act like you all work for some intelligence companies and hackers would give a **** to steal your data.
Sent from my SM-G920T
Totally overblown and already being discussed in the S6 Edge forum (link). Here are the most pertinent posts:
tanjiajun_34 said:
I believe it should be easy to fix. I cannot try because I have have Swiftkey preinstalled but I believe these are the methods you can try...
1. Update the Swiftkey to the one on Play Store.
2. Disable the Swiftkey application. I believe all non Samsung system applications and some of Samsung's system applications should be able to be disabled. Swiftkey shouldn't be a problem...
3. You are here on xda so chances you will be rooting your phone I assume? If you have root, you can just uninstall it.
Click to expand...
Click to collapse
droidzer1 said:
Totally overblown vulnerability article today on Swiftkey. Firstly I seriously doubt 600M phones have it. I just checked 8 Samsung phones from various carriers - Sprint, Verizon, US cellular - S3, S4's, S5's, Note 2 and 3's and out of those 8 only one had Swiftkey on it. Easy to uninstall or Freeze if rooted. I take this as a punch back from someone on the Apple fan club finding a minor and hard to exploit vulnerability in android since Apple just got hit big in the last week or so. If you didn't find one of the articles detailing this exploit here's the skinny: It only can be exploited if you are on Wifi and on the same Hotspot or router as a would be hacker. That hacker needs to do some fairly complex stuff to spoof a Swiftkey server and your phone has to be trying to download a language pack update. I'd say there is about a 1 in 600 million chance of that happening
Click to expand...
Click to collapse
So, this pretty much sums it up in one word:
cc999 said:
Unreal
Click to expand...
Click to collapse
Galaxy S6 Keyboard Security Fix
Hello all,
So we all know about the security flaw of the Samsung keyboard app that has affected the Galaxy S6, S5, S4 and other devices. Simply installing a third-party keyboard will not fix the problem. You need to completely uninstall it.
Source: http://www.naldotech.com/how-to-fix-galaxy-s6-keyboard-swiftkey-security-issue/
Note: Make sure to have a third-party keyboard installed or you will not be able to use the phone.
1. You need root access and Titanium Backup.
2. Open Titanium and go to Backup/Restore.
Scroll down until you find Samsung Keyboard 4.0 and tap on it.
Make a backup first and then press the uninstall button"".
This isn't the best solution but it will work for all the people who want to sleep well at night without the fear of the flaw.
there is nothing to worry about, don't connect to unsecure networks (but how often do you do that) and don't update the language packs when you are on one (how often do you do that? once during setup!!)
ive always preferred the google keyboard, thank you.
The bug is not in the app called "SwiftKey" that comes preinstalled or the one you might get from the Play Store, but in the stock Samsung keyboard app, which uses an SDK from SwiftKey (here referring to SwiftKey the company, not the aforementioned SwiftKey app) to do its word predictions. The vulnerability can be exploited (as I understand it) as often as this stock keyboard polls for language updates. Not sure how often that is, but it isn't user initiated, so it could happen at any time if the app polls for an update while the user is connected to a network with a malicious user on it. The best protection for the average user (as I understand it) is to simply avoid connecting to networks whose security you aren't absolutely certain of. this is the technical writeup where I got most of my info from, however, they do talk about a "Swift keyboard", which the other reputable sources I've seen (such as this SwiftKey article on the issue) clarify as the stock Samsung keyboard.
okay if I understand you correctly you are saying that the Samsung keyboard was developed using the SDK from swifty and the only way to not be vulnerable to this exploit is to remove the stock samsung keyboard and use a third-party alternative is that correct?
Sent from my SM-G920F
OSI-813 said:
okay if I understand you correctly you are saying that the Samsung keyboard was developed using the SDK from swifty and the only way to not be vulnerable to this exploit is to remove the stock samsung keyboard and use a third-party alternative is that correct?
Sent from my SM-G920F
Click to expand...
Click to collapse
If you are rooted and have the ability to completely remove it, I think that would probably get rid of the issue as well, but I can't say that definitively, and I can't say for sure what side effects that might have. (If someone who knows the internals a bit better would weigh in, I would appreciate some clarification on that point as well.) I know that just switching the default keyboard to a third-party isn't good enough. What I am doing until a fix comes out (which doesn't really differ from my normal behaviors, but that's beside the point) is basically only connecting to the wifi at home, work, and the university I am attending. I also added the update site (skslm.swiftkey.net) to my hosts file (using AdAway), which should block any traffic to the update site from leaving the phone.
OSI-813 said:
okay if I understand you correctly you are saying that the Samsung keyboard was developed using the SDK from swifty and the only way to not be vulnerable to this exploit is to remove the stock samsung keyboard and use a third-party alternative is that correct?
Sent from my SM-G920F
Click to expand...
Click to collapse
You could just wait a few days, knowing that the risk is very insignificant in the first place:
Update: Samsung reached out to us to announce that it will soon patch the vulnerability through Knox. Read the full statement below:
Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security. Samsung Knox has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days. In addition to the security policy update, we are also working with SwiftKey to address potential risks going forward.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
Source: Phone Arena
They have to initiate the hack the SAME EXACT TIME you update your keyboard app...lol. You've got better chances of being robbed at gun point FYI.
bloodrain954 said:
They have to initiate the hack the SAME EXACT TIME you update your keyboard app...lol. You've got better chances of being robbed at gun point FYI.
Click to expand...
Click to collapse
False. Anyone with a little programming knowledge and the right tools could easily set up a program to passively take advantage of this exploit. It doesn't require the user to do anything to the keyboard app, the app polls for updates to its language files every so often regardless of anything the user does. And all the attacker has to do is use software that's already out there that lets them write programs to intercept and alter web traffic. Heck, there's a proof of concept by the people at NowSecure that should be pretty easy to turn into a usable hack. An industrious hacker might not even have to be nearby, they could tuck a Rasperry Pi away in the corner of a starbucks and infect some phones that way. Are you at any risk in most situations? Probably not. But I still would make sure your phone doesn't automatically connect to unsecured wi-fi.
dustfinger314 said:
False. Anyone with a little programming knowledge and the right tools could easily set up a program to passively take advantage of this exploit. ....
An industrious hacker might not even have to be nearby, they could tuck a Rasperry Pi away in the corner of a starbucks and infect some phones that way. Are you at any risk in most situations? Probably not. But I still would make sure your phone doesn't automatically connect to unsecured wi-fi.
Click to expand...
Click to collapse
Curious, how often are you on an insecure network? For me, basically pretty much never.
krelvinaz said:
Curious, how often are you on an insecure network? For me, basically pretty much never.
Click to expand...
Click to collapse
Haha, also pretty much never.
dustfinger314 said:
False. Anyone with a little programming knowledge and the right tools could easily set up a program to passively take advantage of this exploit. It doesn't require the user to do anything to the keyboard app, the app polls for updates to its language files every so often regardless of anything the user does. And all the attacker has to do is use software that's already out there that lets them write programs to intercept and alter web traffic. Heck, there's a proof of concept by the people at NowSecure that should be pretty easy to turn into a usable hack. An industrious hacker might not even have to be nearby, they could tuck a Rasperry Pi away in the corner of a starbucks and infect some phones that way. Are you at any risk in most situations? Probably not. But I still would make sure your phone doesn't automatically connect to unsecured wi-fi.
Click to expand...
Click to collapse
I'm curious, do you buy tinfoil hats in bulk or as needed?
bloodrain954 said:
I'm curious, do you buy tinfoil hats in bulk or as needed?
Click to expand...
Click to collapse
I can't tell you that for security reasons.
I think you're more likely to be killed by a cow.
hese security flaws happen all the time and are blown out of proportion by people wanting to scaremonger. Tell me OP how many have been exploited
Well that's nice, I was watching a youtube video and android system media crashed, figured it didn't mater since stagefright had been patched. I was wrong, seconds later apps began installing themselves on my phone, I didn't get any notification other then when the shortcuts were created. They were appearing so fast they some didn't even show up in my draw, they just were added to my home screen.
I'm on the latest version, and just this morning my phone was wiped. I got the message "deleting", but it looked like it was because someone kept trying passwords.
Mu number was transferred over from T-Mobile, only unusual thing. (but that was months ago)
It's not fully patched... was only patched against the first known set of vulnerabilities.
https://blog.zimperium.com/zimperiu...me-new-vulnerability-processing-mp3mp4-media/
I'd assume there will be even more in the weeks and months to come. And as for making use of the exploit... I assume everything can be fully automated... and fairly easy to generate phone numbers and scan thru millions... so probably won't matter what carrier you're on etc etc.
autoprime said:
It's not fully patched... was only patched against the first known set of vulnerabilities.
https://blog.zimperium.com/zimperiu...me-new-vulnerability-processing-mp3mp4-media/
I'd assume there will be even more in the weeks and months to come. And as for making use of the exploit... I assume everything can be fully automated... and fairly easy to generate phone numbers and scan thru millions... so probably won't matter what carrier you're on etc etc.
Click to expand...
Click to collapse
Well that's disappointing
autoprime said:
It's not fully patched... was only patched against the first known set of vulnerabilities.
https://blog.zimperium.com/zimperiu...me-new-vulnerability-processing-mp3mp4-media/
I'd assume there will be even more in the weeks and months to come. And as for making use of the exploit... I assume everything can be fully automated... and fairly easy to generate phone numbers and scan thru millions... so probably won't matter what carrier you're on etc etc.
Click to expand...
Click to collapse
Just ran the stage fright detector, I'm vulnerable to eveything but 3828. My OnePlus one is way older and isn't. °-°
Aaahh said:
Just ran the stage fright detector, I'm vulnerable to eveything but 3828. My OnePlus one is way older and isn't. °-°
Click to expand...
Click to collapse
the stagefright detector only detects what is patched so far as well... the link I posted mentions newer exploits not yet assigned CVE's and still no patch... and until patch is available from Google they won't have a fully up-to-date detector.
So even if OPO isn't vuln to what's currently being scanned.. it still may be open to others not yet able to be detected.
Of course that doesn't excuse Verizon from not keeping up to date on patches either. Many G4's have had recent OTA's to patch everything "known to date" (but will still require a new patch for the most recent findings)... I guess it's just Verizon being slow on updates as usual.
Stagefright framework seems to be like swiss cheese when it comes to remote attacks... thankfully companies like zimperium are on the case. But if I were a criminal enterprise.. I'd be focusing all my work on finding new remote attacks against the framework... it's possibly the most effective remote attack to date.
Frightening isn't it?
autoprime said:
the stagefright detector only detects what is patched so far as well... the link I posted mentions newer exploits not yet assigned CVE's and still no patch... and until patch is available from Google they won't have a fully up-to-date detector.
So even if OPO isn't vuln to what's currently being scanned.. it still may be open to others not yet able to be detected.
Of course that doesn't excuse Verizon from not keeping up to date on patches either. Many G4's have had recent OTA's to patch everything "known to date" (but will still require a new patch for the most recent findings)... I guess it's just Verizon being slow on updates as usual.
Stagefright framework seems to be like swiss cheese when it comes to remote attacks... thankfully companies like zimperium are on the case. But if I were a criminal enterprise.. I'd be focusing all my work on finding new remote attacks against the framework... it's probably the most effective remote attack to date.
Frightening isn't it?
Click to expand...
Click to collapse
Its frightening to know where it's being exploited, so much for privacy. That being said, how were the apps installed?
Assuming I was owned by an old hack
The first bug 1538 doesn't give you access to everything, just camera, mic and things.
Or am I wrong to assume that, and you actually more access with it?
Aaahh said:
Its frightening to know where it's being exploited, so much for privacy. That being said, how were the apps installed?
Assuming I was owned by an old hack
The first bug 1538 doesn't give you access to everything, just camera, mic and things.
Or am I wrong to assume that, and you actually more access with it?
Click to expand...
Click to collapse
not fully up on the chain of attacks possible with it to be honest... but pretty sure some of them can manage to get root... or at least system access... and from there you can do all sorts of things.
If I have to take a wild guess (and that's all this is)... I could imagine using a remote attack and gaining system/root access then downloading a compressed file containing a set of apps/scripts it wanted to install/run.. unzip.. install.. and does whatever it needs to. Kinda odd they weren't very stealth about it.. letting you see apps being installed on the homescreen.
Curious... what sort of apps were installed? And were they installed in data or in system?
autoprime said:
not fully up on the chain of attacks possible with it to be honest... but pretty sure some of them can manage to get root... or at least system access... and from there you can do all sorts of things.
If I have to take a wild guess (and that's all this is)... I could imagine using a remote attack and gaining system/root access then downloading a compressed file containing a set of apps/scripts it wanted to install/run.. unzip.. install.. and does whatever it needs to. Kinda odd they weren't very stealth about it.. letting you see apps being installed on the homescreen.
Curious... what sort of apps were installed? And were they installed in data or in system?
Click to expand...
Click to collapse
That's why I wasn't as frightened at first
They were stupid apps like knights of hearts and go90(what's this?) And rhysop something
Data
Aaahh said:
That's why I wasn't as frightened at first
They were stupid apps like knights of hearts and go90(what's this?) And rhysop something
Data
Click to expand...
Click to collapse
hmm go90 is a new verizon app coming out today. so maybe it was verizon pushing that. not sure on others.
https://www.go90app.com/
http://www.usatoday.com/story/tech/2015/10/01/verizon-launches-go90-mobile-video-service/73138654/
autoprime said:
hmm go90 is a new verizon app coming out today. so maybe it was verizon pushing that. not sure on others.
https://www.go90app.com/
http://www.usatoday.com/story/tech/2015/10/01/verizon-launches-go90-mobile-video-service/73138654/
Click to expand...
Click to collapse
I knew it sounded familiar, but I can't justify the other apps. II know g4 comes with games but not that rpshuo music player
The go90 didn't have a shortcut, too bad I erased it.
Anyone knows if turning off auto retrieve MMS is enough to protect my phone against the new stagefright hacks?
No?
I read this morning that T-mobile USA has been hacked and the hackers got data since Sept. 2013 lol.
Looks like they got some german IT specialists.
http://www.t-mobile.com/landing/experian-data-breach.html?icid=WOR_NA_CLRSKY_GP21HHC35JV3079
In the midst of an attack, what's the quickest way to stop it (airplane mode?) then a factory reset?
Sent from my LGLS991 using Tapatalk
Cozmos23 said:
No?
I read this morning that T-mobile USA has been hacked and the hackers got data since Sept. 2013 lol.
Looks like they got some german IT specialists.
http://www.t-mobile.com/landing/experian-data-breach.html?icid=WOR_NA_CLRSKY_GP21HHC35JV3079
Click to expand...
Click to collapse
This is completely unrelated to stagefright. The Tmobile hack is actually an attack on Experian..
bitbitbit said:
Anyone knows if turning off auto retrieve MMS is enough to protect my phone against the new stagefright hacks?
Click to expand...
Click to collapse
Anyone want to answer this question ?
---------- Post added at 09:01 AM ---------- Previous post was at 08:49 AM ----------
autoprime said:
the stagefright detector only detects what is patched so far as well... the link I posted mentions newer exploits not yet assigned CVE's and still no patch... and until patch is available from Google they won't have a fully up-to-date detector.
So even if OPO isn't vuln to what's currently being scanned.. it still may be open to others not yet able to be detected.
Of course that doesn't excuse Verizon from not keeping up to date on patches either. Many G4's have had recent OTA's to patch everything "known to date" (but will still require a new patch for the most recent findings)... I guess it's just Verizon being slow on updates as usual.
Stagefright framework seems to be like swiss cheese when it comes to remote attacks... thankfully companies like zimperium are on the case. But if I were a criminal enterprise.. I'd be focusing all my work on finding new remote attacks against the framework... it's possibly the most effective remote attack to date.
Frightening isn't it?
Click to expand...
Click to collapse
The main vector is still "specially crafted MP3 or MP4 files can lead to arbitrary code execution".
That was known back in April. So if you can prevent such files ending up on your device then there is no problem.
The way to do that AFAIK is disabling auto retrieve of MMS.
Sorry to hear man. Did it wipe SD card data too?
Sent From My LG G4
Nevermind, I got the answer.
bitbitbit said:
Anyone knows if turning off auto retrieve MMS is enough to protect my phone against the new stagefright hacks?
Click to expand...
Click to collapse
I dont think so, an attacker could lead you to a website containing specially crafted media files...
For more information on the stagefright vulnerability and the (un)likelyhood of getting hacked I found this article on Android Central:
http://www.androidcentral.com/stagefright
Reading through that, OP, it seems possible you could have picked up a virus somewhere that started downloading all that software. Have you ever downloaded or clicked on a link other than a trusted site?
FadeFx said:
I dont think so, an attacker could lead you to a website containing specially crafted media files...
Click to expand...
Click to collapse
Would it make a difference if I don't click on play? I guess I can't always tell if a media file has been tampered with, but at least if not playing the file can help, I can avoid doing that on sketchy websites.