back to article Don't want pranksters 'bricking' your Android? Just stop using the internet, duh – Google

Trend Micro peeps say they have discovered a security bug that miscreants can exploit to seemingly murder millions of Android smartphones. A device will appear lifeless and unable to make calls, with a dead screen and no sound output, if an attack is successful, we're told. All a victim has to do is visit a dodgy webpage, or …

  1. S4qFBxkFFg
    FAIL

    The day when Android devices get updates direct from Google, whether the retailer objects or not, just got a little closer.

    (Although as said, Stagefright is a bigger issue.)

    1. dotdavid

      "The day when Android devices get updates direct from Google, whether the retailer objects or not, just got a little closer."

      Has it? Android Wear-style updates from Google are definitely preferable to the current strategy but I don't really see any signs of this. In response to the Stagefright vuln Google have patched AOSP and sent fixes to manufacturers, and they'll do what they can in Google Play Services, but I haven't seen anything to indicate they plan to address Android's update mess. That said Google are notoriously opaque so who can really say.

  2. Anonymous Coward
    Anonymous Coward

    A patch? sure, and pigs might fly

    A patch to fix the hole is on its way, we're told

    How many of the close to a billion Android devices out there will get this patch?

    It might be easier to win the Lottery.

    The whole patching/update thingy with Android is a disaster waiting to happen. Device makers just won't update anything that does not run the version of Android they are currently shipping.

    Google needs to (IMHO) get tough with the people who use their software and make them supply at least updates like this for devices that are running all version of Android from 4.0 onwards.

    Othereise the mantra, "don't update the software on your phone, just update (viz change) the phone" will become ever closer to reality. Even more tech kit for landfill.

    1. Anonymous Coward
      Anonymous Coward

      Re: A patch? sure, and pigs might fly

      How can Google get tough on the phone makers when the phone makers can tell Google to take their OS and shove it?

      1. Captain Queeg

        Re: A patch? sure, and pigs might fly

        In present times I t's a brave handset maker than tells The Big G to shove it.

        1. bazza Silver badge

          Re: A patch? sure, and pigs might fly

          There's a lot of Chinese Android mobiles that have effectively told Google to shove it. Degooglised Android is all the rage over there.

          1. Anonymous Coward
            Anonymous Coward

            Degooglized Android

            I'm sure this is one of Google's biggest fears - what if Microsoft decides to go all-in with Android, and builds a version that replaces Google Search with Bing, GMail with Outlook 365, and so forth? If Windows 10 Mobile flops, and Microsoft gives up on Windows on phones, they might go this route.

            Microsoft would probably not care if they made any money on this, as it would hurt one of their biggest competitors. Might also hurt Apple as far as getting iOS in the enterprise, since this Microsoft Android OS would likely work better with Windows services and have better enterprise manageability.

            This isn't going to fix the problem with Android updates (which really isn't Google's fault, no one but Apple and maybe Samsung has enough clout with carriers to keep full software control) but a major security incident on Google Android could really hurt its image and help Microsoft's version.

        2. asdf

          Re: A patch? sure, and pigs might fly

          >In present times I t's a brave handset maker than tells The Big G to shove it.

          Unless its the biggest company in the world and coincidentally the only one you know actually making money off handsets. Nothing commoditizes a phone quite like Android.

        3. Anonymous Coward
          Anonymous Coward

          Re: A patch? sure, and pigs might fly

          "In present times I t's a brave handset maker than tells The Big G to shove it."

          Suppose a consortium of these manufacturers chose to cobble together and buy out crumbling Blackberry and use their BB10 OS (which if you'll remember now has an Android compatibility layer) instead?

  3. Anonymous Coward
    Anonymous Coward

    Don't Be Evil.

    Just be really, really complacent as evil doers use your software to do evil things.

    But hey, as long as the add revenue keeps rolling in, stuff the users..... not our problem...

  4. Anonymous Coward
    Anonymous Coward

    Genuine question..

    I have an icky question: if Android is so "open", why does everyone have to wait for Google to fix something? On Linux it takes but a bored hack to come up with a temp patch for problems, usually within hours, until a formal fix arrives. If Android is so open, why does that not happen *at all* with Android?

    Or is this where myth and reality clash?

    1. dotdavid

      Re: Genuine question..

      You can flash a custom ROM which will likely have this patch applied but that will almost certainly void your warranty.

      The problem with Android isn't really anything to do with its source code's openness (except in that because it is open source at least there is an unofficial way to patch your handsets). The problem is really in the lack of any central update mechanism independent of the manufacturer and operator.

      1. launcap Silver badge

        Re: Genuine question..

        > You can flash a custom ROM which will likely have this patch applied but that will almost certainly

        > void your warranty.

        It depends on the phone (and the process you use) - my previous HTC m7 and my current OnePlus One both maintained the *hardware* warranty if rooted and reflashed.

  5. Neil Barnes Silver badge

    "not browse untrusted websites"

    As the only time I'm ever likely to find an 'untrusted website' is via the good agency of google search, it seems my policy of never browsing on my phone is looking better every day.

    1. asdf

      Re: "not browse untrusted websites"

      Not to mention unless you run some plugins, or use a proxy or futz with the hosts file even web sites you may trust often bring in content from servers that may or may not be a bit dodgy.

  6. JakeMS
    Joke

    Sod it..

    Might as well get a Blackberry :-P.

    At least it wouldn't have these bugs and BB OS can and will get security updates by BB without third party manufactures preventing you from getting them... :-).

    So.. now the Blackberry Leap doesn't look so bad now for £195 on amazon....

    (PS: I have currently have an Android myself...)

    1. Nick Kew Bronze badge

      Re: Sod it..

      No keyboard? Yuk. Maybe worth 195 pence, but not pounds.

      (Same goes for a whole lot of apple and android devices, of course).

      1. JakeMS

        Re: Sod it..

        BB Classic retails for £299, it has a keyboard.. so if that's your thing, they got it covered.

    2. Anonymous Coward
      Anonymous Coward

      Re: Sod it..

      >Might as well get a Blackberry :-P.

      Too many unknowns especially in regards to the future with BB. The question is always will I be able to do what I want/need in two years with the phone in addition to today.

  7. tskears

    Where's the news...?

    >> A device will appear lifeless and unable to make calls, with a dead screen and no sound output.

    That sounds like my Android telephone about one day in three, without the malware.

    But then it rather sounds like me one day in three, too...

  8. Anonymous Coward
    Anonymous Coward

    Learn from Windows?

    I can hardly believe I'm saying this, but maybe Google have something to learn from Windows in this case. HP, Dell and co sell hardware with Windows on, they take care of the customer support, they provide whatever drivers are needed and get to customise the UI with whatever addons pay them the most - but the updates all still come straight from MS Update, you don't get Dell insisting the only way you can get a current version of Windows is to buy a new PC.

    Maybe they could get a bit closer to that by packaging more of Android as an "app" updated via the Play Store? In the mean time, thank goodness for the likes of CyanogenMod...

  9. phil dude
    Meh

    textsecure...

    I don't know if this is vulnerable but I am using the TextSecure app (from Whisper systems), and I think it does not use the default android messaging at all.

    The problem with this bug is the FUD and unknown patch cycle.

    Google, you can make system level .apk's, how about you make one for this?

    P.

  10. Anonymous Coward
    Anonymous Coward

    lol Android

    The NSA doesn't need to break laws as long as people keep using Google's Trojan horses. The gifts that keep on giving (at the very least to Google).

  11. oneeye

    maybe a class action suit will solve updating security fixes faster!

    Either that,or get the FTC, and or, the FCC involved. They can and have put out security fixes faster in the past, as they did with Heartbleed! So stopping the oems and carriers from adding crapware,adware,spyware every single time they send something out,is what's really needed. And a guarantee that is tied to the os,and longer than 2 fricken years. If an oem,and or the carrier is still selling phones with older os,then the date of the last sale should start the clock. Even a nexus needs the oem and carriers to update their phone's. They might get priority,but the updates do not come directly from Google,contrary to mythical accounts.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020