Monday, August 10, 2015

The story of the day. As security holes Android affect everyone – DELFI.lv

At the end of July and beginning of August, it appeared several reports of a critical vulnerability in Android, which affect hundreds of millions, almost a billion devices. TechLife explains why it’s important, what’s going on and how it affects every one of us.

What is it?

Researchers have found safety several serious vulnerabilities in Android, that can be used an attacker to remotely. One, about which we already wrote at length, makes it easy to send an MMS-message, the other – to take advantage of the so-called mSRT for remote access or infect a smartphone through SMS. In theory, through these holes hackers can gain access to the contacts in your smartphone, photo and video messages. They can also use these holes to install other programs to be “doing something” without the user’s knowledge.



I “the common man” and not interesting to anyone …

There are a lot of scenarios when the vulnerability could be used against the common man. He may know “someone” or enter the social circle of certain persons. Behind it can spy on the employer or business partners, husband or wife. Or the state. Finally, anyone can gain access to his intimate photos and start blackmailing their publication. Or it can simply block the smartphone and demand a ransom for the code to unlock it (as is increasingly the case with personal computers).

Most of us at least once in their life received SMS-messages (or know people who received them) a sudden winning the lottery. As they are sent at random from abroad, and viruses can also be sent at random, and also even from Burkina Faso (by the way, does anyone ever received a spam-SMS with the area code 226?). Especially in this case, delivery method malicious code – MMS and SMS, which, for its operation, it is not necessary to open.



Wait, this is already happening ?! I am in danger?

No, not yet. While talking about it only security professionals. However, since information about the theoretical possibility of the virus already is, no doubt – the “bad guys” are working with might and main, to find those gaps and to figure out how to use them. This is big money – the data on the specific vulnerabilities of this level are sold for hundreds of thousands of dollars.

When the first virus targeted by hundreds of millions of smartphones, everyone will know about it – or will be one of the victims, or read on TechLife.

I do not understand why this is such a problem – Windows break for decades, and nothing

The problem lies in the philosophy of Android – to be as open and accessible OS. It is a system that is “the coffee maker in each.” Apple iOS and Microsoft Windows – is a closed system, which are controlled by a particular company. If iOS is a critical vulnerability or found another hole in Windows, you Apple and Microsoft quickly released a supplement that is available immediately to tens and hundreds of millions of machines. All that is necessary from the user – to put these patches, they are only my reach. Or just turn on auto-update, and not to think about some sort of holes in some kind of security.

In Android it is not so. Google develops and distributes only the core OS and a number of standard services. This code is then taken by other manufacturers and mobile operators to adapt to their needs, put their programs and use on their devices. As a result, in one unit of time there may be literally hundreds of different versions of Android and there is no mechanism that would allow us to upgrade them all at once.



That is, Google does not have authority over Android?

Virtually no. It can release an update kernel and its individual critical components, but how quickly it reaches ordinary smart phones and tablets – depends on the manufacturer and only on them (as in the United States and Western Europe – and even from mobile operators who sell “branded” phones). Therefore, to call Google Android is not entirely correct – it has long been just Android, which, like the cat who lives practically by itself.



But because manufacturers will release an update, right?

Well, yes and no. According to Google, as a hole in August Stagefright – one that allows you to hack the phone one MMS-message – will be closed in the following smartphone models:

  • Samsung Galaxy S6 Galaxy S6 Edge, Galaxy S5, Galaxy S4, Galaxy S3,
  • Note 4, Note 4 Edge;
  • HTC One M7, One M8, One M9;
  • LG Electronics G2, G3, G4;
  • Sony Xperia Z2, Xperia Z3, Xperia Z4, Xperia Z3 Compact;
  • Android One.

In addition, Google, Samsung and LG announced that they will close the hole and move on to the practice of the monthly updates, but it will only apply to their flagships (Google launches smart phones Nexus), who are working on the latest version of the OS. Meanwhile, the flagship devices cost from 600-700 euros – this is only a tiny share of the market. For example, under the Android 5,1 it is now working only 2.6% of all Android-smartphone and tablets.

We are confident that the vast majority reading this simple, cheap smart phones cost a few hundred euros at most. These gadgets, depending on their freshness, too, can get updates, but we would seriously not count on it – experience shows that manufacturers do not release patches for their older models.



Why is this happening? They do not care about their customers?!

No, they do not have money to do so voluntarily. In order to release the update for each specific model, it is necessary not just to adapt it, but also to test, and then delivered to the smartphone (Internet traffic in such volumes is significant money).

At the same time, according to financial statements of LG, for example, the company in the last quarter of every smartphone sold earned only 1.2 cents ($ 0.012). The situation on the market of Android-devices has always been a so-called “Race to the bottom”, but now it is escalated to the obscene. And mad competition forces manufacturers to cut costs as much as possible. One may sneer at the high prices of Apple iPhone and excess profits to Apple, but the result is obvious – “on the side” now is not the problems faced by users of Android.



What should I do to avoid becoming a victim of possible virus attacks?

Nothing. More precisely, it is necessary to save the most valuable thing on a smartphone, a computer, or upload to the “cloud.” So that when one is not very beautiful midnight phone turn into a pumpkin, do not grieve, and even the lost precious photos and contacts.

Seriously recommend a move to iOS in this case we will not – for people who can not afford to spend 700 euros on a smartphone, it looks like a mockery. And those who can afford it, and so is likely to hold fresh flagship “droid”, who will receive all the updates. They are all generally do not care.

If someone becomes a victim of a virus attack – is to express my dissatisfaction with the producers, as well as government regulators (such as the Commission on regulation of public services, or the Center for Consumer Protection). Without a strong request from customers and not less powerful kick from the state producers will move slowly and reluctantly. For, as we have already mentioned above – they simply do not have the extra money.



But it looks abnormal and wrong!

That’s right, and we are 99% sure Google and the companies producing end devices running Android understand it. However, to change the situation, apparently, is to bite roasted cock a problem that really affect a couple of hundreds of millions of devices simultaneously. Anyone who stands up for Android, it is necessary to sit down at the negotiating table and adopt a certain number of arbitrary decisions, which ultimately will make Android more like Apple iOS and Microsoft Windows – a system that someone keeps an iron hand.

LikeTweet

No comments:

Post a Comment