Android security patch 'flawed'var mi_track_user = true; var mi_no_track_reason = ''; var disableStr = 'ga-disable-UA-57774632-1'; /* Function to detect opted out users */ function __gaTrackerIsOptedOut() { return document.cookie.indexOf(disableStr + '=true') > -1; } /* Disable tracking if the opt-out cookie exists. */ if ( __gaTrackerIsOptedOut() ) { window[disableStr] = true; } /* Opt-out function */ function __gaTrackerOptout() { document.cookie = disableStr + '=true; expires=Thu, 31 Dec 2099 23:59:59 UTC; path=/'; window[disableStr] = true; } if ( mi_track_user ) { (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//','__gaTracker'); __gaTracker('create', 'UA-57774632-1', 'auto'); __gaTracker('set', 'forceSSL', true); __gaTracker('send','pageview'); } else { console.log( "" ); (function() { /* */ var noopfn = function() { return null; }; var noopnullfn = function() { return null; }; var Tracker = function() { return null; }; var p = Tracker.prototype; p.get = noopfn; p.set = noopfn; p.send = noopfn; var __gaTracker = function() { var len = arguments.length; if ( len === 0 ) { return; } var f = arguments[len-1]; if ( typeof f !== 'object' || f === null || typeof f.hitCallback !== 'function' ) { console.log( 'Not running function __gaTracker(' + arguments[0] + " ....) because you are not being tracked. " + mi_no_track_reason ); return; } try { f.hitCallback(); } catch (ex) { } }; __gaTracker.create = function() { return new Tracker(); }; __gaTracker.getByName = noopnullfn; __gaTracker.getAll = function() { return []; }; __gaTracker.remove = noopfn; window['__gaTracker'] = __gaTracker; })(); }
Don't Miss

    Android security patch ‘flawed’

    By on Aug 16, 2015

    Android security patch 'flawed'

    An Android update designed to fix a security hole in the operating system is itself flawed, it has emerged.

    In July, a vulnerability that affected up to a billion Android phones was made public by software researchers.

    Google made a patch available, but security company Exodus Intelligence said it had been able to bypass the fix.

    Exodus Intelligence said the update could give people a “false sense of security”.

    Google told the BBC that most Android users were protected by a security feature called address space layout randomisation (ASLR).

    “Currently over 90% of Android devices have ASLR enabled, which protects users from this issue,” it said.

    ASLR makes it difficult for an attacker to plot an attack, and introduces more guesswork to the process, which is more likely to crash a smartphone than compromise it.

    ‘Vulnerability remains’

    In April, another security company, Zimperium, found a bug in Android that could let hackers access data and apps on a victim’s phone, just by sending a video message.

    Also Read:  Apple iPad review

    The company disclosed the issue to Google and provided its own patch for the software, which Google made available to phone manufacturers.

    Details of the flaw were made public in July, after Google had integrated the patch into the latest version of Android.

    At the time, Google pointed out that there had been no reported cases of anybody exploiting the bug.

    On Thursday, Exodus Intelligence said its researcher Jordan Gruskovnjak had easily bypassed the patch and the vulnerability remained.

    “The public at large believes the current patch protects them when it in fact does not,” the company said on its blog.

    ‘Bigger challenge’

    Android phone
    Millions of devices still run old versions of Android

    “Stagefright is the early warning alert to a much bigger challenge,” said David Baker, security officer for computing firm Okta.

    “There isn’t a comprehensive update solution for Android, since there are so many device makers modifying the software.”

    Also Read:  Earth 2.0 Officially Confirmed By NASA

    Android is an open source operating system and phone-makers can modify it to use on their handsets.

    Phone manufacturers are responsible for updating their own devices with the latest software. But many do not, while some companies use customised versions of Android which take time to rebuild when security changes are made.

    For these reasons, only 2.6% of Android phones are running the latest version of the operating system.

    Android OS distribution: around 18% of users have the latest operating system
    iOS distribution: 85% of users have iOS 8 according to Apple

    “Other manufacturers like Apple and BlackBerry control both the hardware and software. That means they can patch flaws much more quickly,” said Mr Baker.

    Exodus Intelligence said Google had known about the flaw for more than 120 days and still not fixed it.

    “The patch is 4 lines of code and was (presumably) reviewed by Google engineers prior to shipping,” said Exodus Intelligence on its blog.

    “If Google cannot demonstrate the ability to successfully remedy a disclosed vulnerability affecting their own customers then what hope do the rest of us have?”

    Source: BBC

    Found this post interesting? Kindly click the share button to share

    About Adeyinka Hassan

    Blogger | Web Designer | Graphics Designer | C.E.O. & Chan MULTIMEDIA | 09052807346

    Leave a Reply

    Your email address will not be published.