https://www.armis.com/blueborne/
Glad I got some Bullets V2 from OnePlus. My Soundpeats QY7 Bluetooth headphones are great and all, but the Bullets are just as good if not better.
Also, this bug won't affect us since it'll be fixed by the time we get Oreo, anyway.
HampTheToker said:
...
Also, this bug won't affect us since it'll be fixed by the time we get Oreo, anyway.
Currently that bug is fixed in various AOSP versions (from 4.4 to latest) ONLY if your security patch level is September 5. If it is not September 5 you are vulnerable and you should be concerned about it.
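The check the post above describes, as an added example that is not part of the thread: Android reports its security patch level in the system property `ro.build.version.security_patch` as an ISO date, so a device is covered by a fix once that date is at or past the level that carries the fix. The BlueBorne level named above is 2017-09-05. The script reads the real property when `getprop` is present (on a device or over `adb shell`) and otherwise falls back to a constructed sample value; the `FIX_LEVEL` argument is a parameter of this example, so the same function covers any monthly bulletin, not only BlueBorne.

```shell
#!/bin/sh
# Added example, not code from the thread. Compares an Android security patch
# level string (YYYY-MM-DD, as printed by `getprop ro.build.version.security_patch`)
# against the level that carries a given fix.

# Security patch level that carries the BlueBorne fix (September 5, 2017).
BLUEBORNE_FIX_LEVEL="2017-09-05"

# is_patch_level "YYYY-MM-DD": succeed only for a well-formed level string.
is_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# level_as_int "YYYY-MM-DD": print the date as the integer YYYYMMDD, so two
# levels can be compared with POSIX integer tests (pure parameter expansion,
# no external tools).
level_as_int() {
    year=${1%%-*}
    rest=${1#*-}
    month=${rest%%-*}
    day=${rest#*-}
    printf '%s%s%s\n' "$year" "$month" "$day"
}

# level_covers_fix DEVICE_LEVEL FIX_LEVEL
# Prints "patched", "vulnerable" or "unknown" and returns 0, 1 or 2.
level_covers_fix() {
    device="$1"
    fix="$2"
    if ! is_patch_level "$device" || ! is_patch_level "$fix"; then
        echo "unknown"
        return 2
    fi
    if [ "$(level_as_int "$device")" -lt "$(level_as_int "$fix")" ]; then
        echo "vulnerable"
        return 1
    fi
    echo "patched"
    return 0
}

# Stand-alone usage: read the real property where getprop exists, otherwise
# use a constructed sample (the August 2017 level, one bulletin too early).
if command -v getprop >/dev/null 2>&1; then
    current=$(getprop ro.build.version.security_patch)
else
    current="2017-08-05"   # constructed sample value
fi
result=$(level_covers_fix "$current" "$BLUEBORNE_FIX_LEVEL") || true
echo "security patch level $current vs fix level $BLUEBORNE_FIX_LEVEL: $result"
```

A device whose ROM reports no patch level (or a malformed one) lands in the "unknown" branch rather than being reported as patched; that is the safer default when deciding whether Bluetooth should stay on.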
xclub_101 said:
Currently that bug is fixed in various AOSP versions (from 4.4 to latest) ONLY if your security patch level is September 5. If it is not September 5 you are vulnerable and you should be concerned about it.
Just like everyone was concerned about stagefright and Dirty COW. Yeah, they are vulnerabilities, but no real world examples of them being used maliciously.
Sent from my OnePlus 3T using XDA Labs
MrMeeseeks said:
Just like everyone was concerned about stagefright and Dirty COW. Yeah, they are vulnerabilities, but no real world examples of them being used maliciously.
Sent from my OnePlus 3T using XDA Labs
Stagefright was a vulnerability where you had to download a specially-crafted video and play it with the default video player, so extensive user interaction was needed. Dirty COW was seen in the wild on Linux machines but again the user needed to actively run native code from a program in order to elevate and gain root.
BlueBorne is slightly different in that the user does not need to do anything other than have Bluetooth active, something that every Android user with a smart watch or a pair of Bluetooth headphones has.
The fact that we do not know of any exploits in the wild does not mean that such exploits do not exist, there is a limit up to where you can just fool morons into installing free wallpaper apps.
I've noticed that I seem to be missing a few updates that I expected I'd be one of the first in line for as a Nexus 4 owner.
Firstly, the Master Key vulnerability fix doesn't seem to have reached my phone. At least, according to the Bluebox security scanner.
Secondly, I still have no visibility of the new Google Maps redesign
My phone is a generic operator free Nexus 4 running stock (custom kernel though). Anybody else still waiting, or have I fallen off the automatic updates conveyor belt so far?
Where are you from? App updates from Google reach different parts of the world at different times.
thisisgil said:
I've noticed that I seem to be missing a few updates that I expected I'd be one of the first in line for as a Nexus 4 owner.
Firstly, the Master Key vulnerability fix doesn't seem to have reached my phone. At least, according to the Bluebox security scanner.
Secondly, I still have no visibility of the new Google Maps redesign
My phone is a generic operator free Nexus 4 running stock (custom kernel though). Anybody else still waiting, or have I fallen off the automatic updates conveyor belt so far?
We are sailing in the same boat. Rooted with only custom recovery rest stock.
vanmarek said:
Where are you from? App updates from Google reach different parts of the world at different times.
Based in the UK. If you've had the vulnerability patch already, did it come in the form of an app download or an OTA update?
I'm in the UK and had the Maps update the day it was released.
thisisgil said:
Based in the UK. If you've had the vulnerability patch already, did it come in the form of an app download or an OTA update?
Google hasn't released a patch for the vulnerability; that's why you haven't gotten it. All they have done so far is release the code to their OEMs so they can patch their individual versions of Android. More than likely Nexus devices will get the patch in the 4.2.3 OTA whenever it gets released. In the meantime there is an app in the Play Store, ReKey, that will address the vulnerability. Or you could just turn off "install apps from unknown sources" in the security settings, which will also take care of the issue temporarily.
As for the other app updates they can take up to 2 weeks to deploy to all phones.
QuadRooter allows attackers to take complete control of Android devices, potentially exposing your sensitive data to cybercrime.
However, there is no evidence of the vulnerabilities currently being used in attacks by cyberthieves.
"I'm pretty sure you will see these vulnerabilities being used in the next three to four months," said Michael Shaulov, head of mobility product management at Checkpoint. [BBC News]
Play Store link:
Check Point QuadRooter Scanner
Alternative: QuadRooter Scanner (less intrusive permissions)
CM (and other AOSPs) will get patched, but Stock 5.1? I suspect the only hope is that Motorola will release something for Moto G (2nd Gen) Stock 6.0, meaning Identity Crisis 6 can be made secure.
Why does a vulnerability check app require permissions for accounts and contacts?
Also, has anyone already created a universal rooting tool based on this vulnerability?
_that said:
Why does a vulnerability check app require permissions for accounts and contacts?
Also, has anyone already created a universal rooting tool based on this vulnerability?
I don't know, but an alternative is available: QuadRooter Scanner.
It's early days, nothing so far - but maybe there is now hope for those CDMA users who want root.
So I'm vulnerable to 5 "things" according to that app. This is a general situation and not device specific, right?
Penemue said:
So I'm vulnerable to 5 "things" according to that app. This is a general situation and not device specific, right?
Google have said it's not really a big deal - more a case of a company (Checkpoint) scare-mongering to sell their software.
The Android feature 'Verify apps' essentially protects against malicious software if not ignored.
To answer your question, it depends on the device - the degree of vulnerability - but generally speaking most handsets are 'affected.'
According to the BBC, "Serious security flaws that could give attackers complete access to a phone's data have been found in software used on tens of millions of Android devices." This includes the Nexus 6.
Full story here: http://www.bbc.co.uk/news/technology-37005226
App from Check Point for testing whether your device is susceptible: https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter
I never worry for two reasons,
1) I watch what I download and install, trusted vendors and sources only
2) It is a Nexus device it will be patched
Don't worry, yesterday it was stagefright, now it's something else.
With Nexus we will be close to a patch
http://thetechportal.com/2016/08/08/new-android-vulnerability-quadrooter/
This one took six months of reverse engineering Qualcomm code to find. And that is only to outline a theoretical avenue for attack... a real exploit can be more challenging.
It is ranked as "high risk"...Not even the highest category (critical is highest). There are many high and critical vulnerabilities patched every month. I think the only thing unique about this one is press coverage drummed up by checkpoint to celebrate their finding and make themselves look more notable
http://www.recode.net/2016/8/8/12403088/android-security-mess-quadrooter
"Google, meanwhile, says three of the four flaws tied to Quadrooter were patched in an August security update while the fourth is set to be fixed soon. "
electricpete1 said:
"Google, meanwhile, says three of the four flaws tied to Quadrooter were patched in an August security update while the fourth is set to be fixed soon. "
Hmmmm. I'm running MOB30W (dated 5th August), and the Checkpoint app claims that I'm vulnerable to 3 of the vulnerabilities, so either Google or Checkpoint have got something wrong...
Philip said:
Hmmmm. I'm running MOB30W (dated 5th August), and the Checkpoint app claims that I'm vulnerable to 3 of the vulnerabilities, so either Google or Checkpoint have got something wrong...
It needs stock kernel, because it's a kernel driver bug. I'm using my own build but with the stock kernel, and it says only one vulnerability left.
btw.. 3 of the 4 are already patched.
If you are on the August update only one of the four is still an issue. And Franco just rolled the commit in for the fourth one in his update today if you are using his kernel.
But as mentioned, just be careful what you install and it is a non-issue. And remember it's a report of a flaw, not a report of it being used in the wild. Big difference.
The Checkpoint app is questionable I think. Lots of false positives being reported on the web.
Really guys this is nothing more than more fear mongering. As long as Android offers open source code you will always find holes like this. Most are nothing to even worry about. Just like the stagefright issue. Don't sweat it.
Note that THREE of the FOUR bugs are within the closed source GPU (Adreno) drivers.
So this is a very strong argument in favor of getting this crap swapped out in favor of freedreno.
And I've applied the CAF patch to the kernel. Great, but the app still lists it as a vulnerability. So since the fix looks valid, then the app must give a false positive.
zelendel said:
Really guys this is nothing more than more fear mongering. As long as Android offers open source code you will always find holes like this. Most are nothing to even worry about. Just like the stagefright issue. Don't sweat it.
finally a voice of reason!
thanks man, couldn't agree more. Unfortunately 95% of the people that come here don't get it..
zelendel said:
Really guys this is nothing more than more fear mongering. As long as Android offers open source code you will always find holes like this. Most are nothing to even worry about. Just like the stagefright issue. Don't sweat it.
100% agree. Exploits usually need to be customized for different makes, models, and Android operating system versions in order for compromise to occur, really, really difficult to own an entire ecosystem.
Every year it's something new, first stagefright, now the Qualcomm bug, nothing comes of it and it's patched within a month or two, it makes you wonder why they even bother reporting on it.
did the scan and my nexus 6 is ok running the dev 5 android 7 rom
As title...
https://developers.google.com/android/ota#shamu - OTA full image
https://developers.google.com/android/images#shamu - full image
Is the microphone issue fixed?
Sent from my Nexus 6 using Tapatalk
Same bootloader, same radio. FYI
FLaMpeR said:
Is the microphone issue fixed?
Sent from my Nexus 6 using Tapatalk
I have the same question. This bug is annoying.
Demonoid_i_am said:
I have the same question. This bug is annoying.
Yes it's fixed for me.
Sent from my Nexus 6 using XDA-Developers Legacy app
buge boyo said:
Yes it's fixed for me.
Sent from my Nexus 6 using XDA-Developers Legacy app
Glad we can fix it...is dirty flash from 7.1.1 alright?
Sent from my Nexus 6 using Tapatalk
Strange. Just swapped phones with my wife and the loudspeaker echoes horribly, so I guess it's not fixed for me, unless I'm misunderstanding the problem...
Edit: Half an hour later, after dinner and a flash of Yoinx's speaker fix, both my wife's Nexus 5 and my Nexus 6 are clear as a bell, both of them on loudspeaker. I therefore say that the Google image does not contain the loudspeaker fix - not from where I sit, anyway. Anyone else?
"is dirty flash from 7.1.1 alright?"
Yes. I flashed the OTA directly over the existing N6F26Q and it works fine.
Best way to tell is if someone could pull the mixer file and diff it to see any changes ... I would but I'm not in front of my setup right now.
Well, from where I sit the best way is to call someone, switch on your N6 loudspeaker, and see if they can hold a conversation with you... Which I did. And it didn't work until I flashed Yoinx's zip.
Google will most likely not fix it. Any new updates will most likely just be security patches. If you want the fix then I would flash the zip or grab a custom roms that has it fixed for ever. Never can say I ever had this issue as I don't use speaker phone ever. Unless completely alone it is considered rude.
The nerve. Why in the world would they leave such a feature broken. I know some people don't use it but the purpose of a phone is to freaking work. Doesn't matter if you use that feature or not. Others do. I use speaker all the time because I work from home. Stock software shouldn't have this problem. Period. It's been over a month and still no fix from Google. Meanwhile our guys fixed it almost immediately. This is just plain negligence and disrespectful at this point. I guess it's a sign they want us to get a new device so they completely fu**ed this phone by breaking what is a core and even basic feature of all phones. Ridiculous and ******y practices. At this point there literally is nothing that's making me more mad.
MysticKing32 said:
The nerve. Why in the world would they leave such a feature broken. I know some people don't use it but the purpose of a phone is to freaking work. Doesn't matter if you use that feature or not. Others do. I use speaker all the time because I work from home. Stock software shouldn't have this problem. Period. It's been over a month and still no fix from Google. Meanwhile our guys fixed it almost immediately. This is just plain negligence and disrespectful at this point. I guess it's a sign they want us to get a new device so they completely fu**ed this phone by breaking what is a core and even basic feature of all phones. Ridiculous and ******y practices. At this point there literally is nothing that's making me more mad.
What do you expect. The device is EOL which means anything broken will stay broken. Then add in that the OS was coded for 64 bit devices and had to be ported to our device to begin with. Also really if you are not willing to dig in and fix the issue then you miss the whole point of owning a nexus. It's a developer device.
And yes some people use it and some don't. That is the way it is with all features.
Getting upset about it is really pointless.
AOSP commits from 7.1.1_r13\N6F26Q to 7.1.1_r17\N6F26R
project bionic/
e046081 Check for bad packets in getaddrinfo.c's getanswer.
project build/
8a89878 N6F26R
e225344 Update Security String to 2017-02-05 on nyc-dev
8e84b75 Update Security String to 2017-02-01 on nyc-dev
project device/htc/flounder/
a37d1ee Fix security issue in Visualizer effect
project external/libavc/
cf606f3 Decoder: Fix in checking for valid profile flags
project external/libgdx/
c156e72 Fix security vulnerability
project external/libhevc/
3a64694 Fixed handling invalid chroma tu size for error clips
f22345d Fixed out of bound reads in stack variables
e20f6b8 Fix in Chroma SAO for non-multiple of 8 height
project frameworks/av/
048ba59 Fix security vulnerability: potential OOB write in audioserver
bab10e4 Effect: Use local cached data for Effect commit
project frameworks/base/
593144f [DO NOT MERGE] Fix vulnerability in MemoryIntArray - fix build file
de5747d Fix vulnerability in MemoryIntArray
a66099e DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
4df434d DO NOT MERGE: Check provider access for content changes.
project frameworks/native/
541b1eb Correct overflow check in Parcel resize code
74dae33 Fix security vulneratibly 31960359
509fb5c Fix SF security vulnerability: 32706020
project hardware/libhardware/
9f0e940 Fix security vulnerability: potential OOB write in audioserver
project libcore/
c55ce33 Fix URL parser may return wrong host name
project packages/apps/Bluetooth/
379e7b6 Remove MANAGE_DOCUMENTS permission as it isn't needed
project packages/apps/Messaging/
1bb11f3 resolve merge conflicts of eafd58a to nyc-dev
13f739b 32807795 Security Vulnerability - AOSP Messaging App: thirdparty can attach private files from "/data/data/com.android.messaging/" directory to the messaging app.
86e5bf5 32322450 Security Vulnerability - heap buffer overflow in libgiftranscode.so
project packages/apps/UnifiedEmail/
1fc7b01 Don't allow file attachment from /data through GET_CONTENT.
project system/core/
7f94bb4 change /data/bugreports to /bugreports
project system/sepolicy/
54a3eec label /bugreports
dahawthorne said:
As title...
https://developers.google.com/android/ota#shamu - OTA full image
https://developers.google.com/android/images#shamu - full image
Is there a TWRP flashable version? Those of us with root via TWRP need to extract the zip and flash system.img, boot.img etc. Using ADB?
zelendel said:
What do you expect. The device is EOL which means anything broken will stay broken. Then add in that the OS was coded for 64 bit devices and had to be ported to our device to begin with. Also really if you are not willing to dig in and fix the issue then you miss the whole point of owning a nexus. It's a developer device.
And yes some people use it and some don't. That is the way it is with all features.
Getting upset about it is really pointless.
Okay so you're telling me it's perfectly fine for a manufacturer to leave a device in a broken state because the device reached the end of its life? This is what's wrong with the world lol. And no I'm not missing the whole point of the nexus line. This is my first Nexus device however. But that's not the point. You don't leave major bugs like this unfixed. Not sure about you but if I pay for something EVERYTHING on the phone should work correctly. Of course there'll be a few minor hitches here and there. I expect that from betas and custom roms. But that's what BETAS and custom roms are for. The point of the nexus line is to play with custom software. Of course if some things from that doesn't work then of course you can't expect google support. You buy a nexus (or at least you used to) to get pure Android without skins like TouchWiz or HTC sense. And of course to experiment with custom software. Just because google allows custom software on the device does not give them the right to fu** us on an update then leave it to the community to fix it. Luckily we have a terrific community that fixed it in no time. But still I expect that google fixes the mistake they made. Because it was in fact their mistake. They released an official update. Not a beta. This is supposed to be stable!
sanumaj said:
Is there a TWRP flashable version? Those of us with root via TWRP need to extract the zip and flash system.img, boot.img etc. Using ADB?
No, you don't need to do all that. You can if you want, but the OTA is a one-button solution - sideload via ADB, reboot, job done. You'll need to reroot.
zelendel said:
The device is EOL which means anything broken will stay broken.
I wouldn't argue with zelendel on technical matters, but I can on matters of policy and principle.
This is no different from taking your phone in for repair and finding that they've fixed what you asked them to fix but have broken another component. You could argue that the difference here is that the ROM upgrade is free; I refute that by saying that I paid a great deal of money (£549/$800) on the understanding that I would receive ongoing support. That support does continue to come, and I welcome it, but the bottom line here is that Google broke a function and are therefore morally obliged to repair it. And since this is the company whose motto at the beginning was (is it still...?) "Don't be evil" I think I'm entitled to get upset, no?
For me it's simple. Google broke it so Google needs to fix it. EOL or not, they brought out an official security update that has an error in it. But to be honest, I don't believe that Google even cares about the N6; to them it's an old phone not worth putting much time and energy in.
Well it's a punch in the face to all of us who purchased the Nexus 6. This year the Nexus 6P and 5X will suffer the same fate and next the Pixel phones. Great way to keep trust. The speakerphone is really important while driving or when using it in a conference call, which the latter is in my case. They've spent way too long without fixing it. I'm grateful for the custom ROM community but Google should have fixed it a long time ago for those who depend on running stock. Because of issues like this and conduct like this, people will move on to different OEMs. From a marketing point of view, Google will lose customers in the long run.
TMG1961 said:
For me it's simple. Google broke it so Google needs to fix it. EOL or not, they brought out an official security update that has an error in it. But to be honest, I don't believe that Google even cares about the N6; to them it's an old phone not worth putting much time and energy in.
EOL does matter though. Google broke a core function of our device on the last official Android update we will get. One could argue it was not intended to make us buy a newer device, but Google's behavior on it leaves much open to speculation.
And to anyone defending Google, would it be OK if auto manufacturers updated your car's radio on the first service appointment after the warranty had expired, and said update disabled all but one of your speakers? That's essentially what Google has done to the N6. To top it off, seeing the defense of Google is like going back to work after your service appointment, and when you complain about the broken speaker functionality at the water cooler, your co-workers tell you you should give Ford some slack; after all, you're outside the warranty period, and they didn't have to update anything for you.
I'm not sure if DirtyCow ever worked for rooting these tablets, but for those of us without root, there may be some light at the end of the tunnel.
"A flaw in the original patch for the notorious Dirty COW vulnerability could allow an adversary to run local code on affected systems and exploit a race condition to perform a privilege escalation attack.
The flaw in the Dirty COW patch (CVE-2016-5195), released in October 2016, was identified by researchers at the security firm Bindecy. On Wednesday, they released details of the vulnerability (CVE-2017-1000405) found in the original Dirty COW patch, affecting several Linux distributions."
The number of devices affected is significantly less than those which were vulnerable before.
Not applicable to Android, hence unlikely to work on FireOS I suppose.
In terms of scope, the difference is just that the current bug is not applicable to Android and Red Hat Enterprise Linux.
gabosius said:
Not applicable to Android, hence unlikely to work on FireOS I suppose.
Totally missed that. Oh well. I guess it wouldn't hurt to try if you feel brave enough.
DragonFire1024 said:
Totally missed that. Oh well. I guess it wouldn't hurt to try if you feel brave enough.
I did scan mine with a few CVE scanners (which were a bit outdated), nothing useful found.
However, research on LP CVEs shows a fairly large amount of LPE exploits available in Mediaserver (mostly discovered in 2017), but not sure whether it's applicable to FireOS though.
EDIT: Reference