Print Page - So you think you locked your Android phone?

Title: So you think you locked your Android phone?
Post by: Gary on Dec 13, 2013, 09:50:30

Android has taken another step to cement its place behind Java in the world of repeatedly-vulnerable software, with German group Curesec discovering that an attacker can get past users' PINs to unlock the phone.

In fact, the Curesec post states, the bug – present in Android 4.0 to 4.3 but not 4.4 – exposes any locking technique: PINs, passwords, gestures or facial recognition. The thing is most Andropid handsets wont het patched unless Google comes up with a patch which the manufacturers push out and the networks then give the ok to :(

http://www.theregister.co.uk/2013/12/10/android_has_lockbypass_bug/

Title: Re: So you think you locked your Android phone?
Post by: Simon on Dec 13, 2013, 10:14:42

I can't help thinking these vulnerabilities are made more, er, vulnerable, by media such as The Register constantly shouting it from the rooftops. Surely if they kept quiet about it, fewer people would know that the holes are there to be exploited?

Title: Re: So you think you locked your Android phone?
Post by: Gary on Dec 13, 2013, 10:19:21

Quote from: Simon on Dec 13, 2013, 10:14:42
I can't help thinking these vulnerabilities are made more, er, vulnerable, by media such as The Register constantly shouting it from the rooftops. Surely if they kept quiet about it, fewer people would know that the holes are there to be exploited?

People need to know if their gadget has vulnerabilities, if nothing else so they can make sure its by their side as in this issue or take extra precaution online maybe. Also making it public puts pressure on manufacturers to actually patch these things, otherwise they just get left as has been the case before. The thing is the people who know how to exploit these holes will use it and posting it does not mean necessarily mean increased abuse of the issue. By the time the reg publishes it its probably common knowledge in the black hat circles and sometimes kits to exploit these things are being sold in 'the right places' so its all a bit academic.

Title: Re: So you think you locked your Android phone?
Post by: Glenn on Dec 13, 2013, 11:57:59

Quote from: Gary on Dec 13, 2013, 09:50:30
The thing is most Andropid handsets wont het patched unless Google comes up with a patch which the manufacturers push out and the networks then give the ok to :(

Google have patched it, it's called KitKat, or Android 4.4.2. It's the handset manufacturers that drag their heels in pushing out the updates, they insist on having their UI which possibly needs to be updated to run on the latest version of Android. KitKat will now run on low spec devices so there is no excuse. http://www.phonearena.com/news/Android-4.4-KitKat-is-official-new-launcher-made-to-run-on-low-end-devices_id48935

Title: Re: So you think you locked your Android phone?
Post by: pctech on Dec 13, 2013, 12:46:11

You could also switch off data when you are not actively using it as I do.

IDNetters Forums

Technical News & Discussion => Mobile Devices News & Discussion => Topic started by: Gary on Dec 13, 2013, 09:50:30