maxreish (OP)
|
|
October 04, 2019, 12:19:07 PM |
|
The most widely used mobile operating system Android is facing an issue regarding the affected Android phones being exploited. The bug was discovered by the researcher (Masdie Stone of Project Zero), they have already reported it to the Android Security Team. The said "Zero-Day Vulnerability" will bind to the Android kernel's driver which the attackers will have an access and will fully control the device. Here are the affected Android Mobile Phone Models: - Pixel 1
- Pixel 1 XL
- Pixel 2
- Pixel 2 XL
- Huawei P20
- Xiaomi Redmi 5A
- Xiaomi Redmi Note 5
- Xiaomi A1
- Oppo A3
- Moto Z3
- Oreo LG phones
- Samsung S7
- Samsung S8
- Samsung S9
It was said that it can be work; - by accessing it inside the Chrome Sandbox -And it can be exploited remotely by combining it with a separate chrome rendering flaw. However, there is possible solution to this. Google will release a "PATCH" this October in most affected devices. Sadly, certain devices that are affected will not likely receive the said patch immediately aside from Google. Picel 1 and 2. Remember not to hastily download and install unnecessary and malicious apps from a third party app stores. Always think before you click. A full detail is available here.
|
|
|
|
MichaelX
Newbie
Offline
Activity: 27
Merit: 27
|
|
October 04, 2019, 01:56:46 PM |
|
Samsung S10 and Note 10 are not on the list. That's good if you're on the latest phone. And it says Chrome or Chromium.
Another reason for you to download a different browser and use that by default, like Firefox for Android, or Firefox Focus. I'm not sure what renderer the Samsung Internet web browser uses.
|
|
|
|
wwzsocki
Legendary
Offline
Activity: 2912
Merit: 1731
EMONEYMAX.NET - BEST SHILL TEAMS AND CHATTERS!!!
|
|
October 04, 2019, 03:43:20 PM Last edit: October 05, 2019, 02:30:47 AM by wwzsocki |
|
Samsung S10 and Note 10 are not on the list. That's good if you're on the latest phone...
But all other models like Samsung S7, Samsung S8, Samsung S9 are, which is scary enough and for sure, if not already then in the near future S10 and other newer models will be hacked soon (if not already ). It is of course very logical that all older models are already worked out, and newer ones are waiting in line. There is only a small percentage of new models compared to all models from recent years. It is much more profitable for hackers to work on older devices, because they have a lot more users, and thus potential victims and profits for them. For some time now, I am thinking of buying a new phone, because we have such times that without a decent smartphone it is impossible to function normally. I was looking for some really safe model for a long time and even set up threads in my local section, where I discussed with other Bitcointalk users this topic. Unfortunately, today I still have my old phone, because there is no secure smartphone yet developed and this vulnerability only confirms my statement.
|
EMONEYMAX.NET - BEST SHILL TEAMS AND CHATTERS!!! | FULL PROOF OF WORK IN REAL TIME (all links, screens are shared in special Telegram group) | GUARANTEED VISIBILTY OF OUR COMMENTS | NO SHADOWBANNS ON X! (or any other Social media) | DELETED IN FIRST 24h CONTENT IS REPOSTED AGAIN! (with full delivery rapports) | ONLY REAL PEOPLE - NO BOTS (delivery of bot traffic only on request) | WORKED WITH MORE THEN 400 CLIENTS!
|
|
|
Mahanton
|
|
October 04, 2019, 04:05:09 PM |
|
The bug was discovered by the researcher (Masdie Stone of Project Zero), they have already reported it to the Android Security Team. The said "Zero-Day Vulnerability" will bind to the Android kernel's driver which the attackers will have an access and will fully control the device.
A very serious bug we do have here knowing that past exploits towards Android OS does only mention on app access and getting some back door permissions but this one can potentially to fully control ones device which is really very dangerous.Trying to look out on the list of Phones and luckily my Xaiomi Black shark isnt included but this is still worried some.For security purposes im not even doing mobile banking nor installing any crypto wallet on my phone due to this possible reason.
|
|
|
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | | | 4,000+ GAMES███████████████████ ██████████▀▄▀▀▀████ ████████▀▄▀██░░░███ ██████▀▄███▄▀█▄▄▄██ ███▀▀▀▀▀▀█▀▀▀▀▀▀███ ██░░░░░░░░█░░░░░░██ ██▄░░░░░░░█░░░░░▄██ ███▄░░░░▄█▄▄▄▄▄████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | █████████ ▀████████ ░░▀██████ ░░░░▀████ ░░░░░░███ ▄░░░░░███ ▀█▄▄▄████ ░░▀▀█████ ▀▀▀▀▀▀▀▀▀ | █████████ ░░░▀▀████ ██▄▄▀░███ █░░█▄░░██ ░████▀▀██ █░░█▀░░██ ██▀▀▄░███ ░░░▄▄████ ▀▀▀▀▀▀▀▀▀ |
| | | | | | .
| | | ▄▄████▄▄ ▀█▀▄▀▀▄▀█▀ ▄▄░░▄█░██░█▄░░▄▄ ▄▄█░▄▀█░▀█▄▄█▀░█▀▄░█▄▄ ▀▄█░███▄█▄▄█▄███░█▄▀ ▀▀█░░░▄▄▄▄░░░█▀▀ █░░██████░░█ █░░░░▀▀░░░░█ █▀▄▀▄▀▄▀▄▀▄█ ▄░█████▀▀█████░▄ ▄███████░██░███████▄ ▀▀██████▄▄██████▀▀ ▀▀████████▀▀ | . ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀ ███▀▄▀█████████████████▀▄▀ █████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀ ███████▀▄▀██████░█▄▄▄▄▄▄▄▄ █████████▀▄▄░███▄▄▄▄▄▄░▄▀ ████████████░███████▀▄▀ ████████████░██▀▄▄▄▄▀ ████████████░▀▄▀ ████████████▄▀ ███████████▀ | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀▄▄███████▄▄▀███▄ ▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄ ▄██▀▄███░░░▀████░███▄▀██▄ ███░████░░░░░▀██░████░███ ███░████░█▄░░░░▀░████░███ ███░████░███▄░░░░████░███ ▀██▄▀███░█████▄░░███▀▄██▀ ▀██▄▀█▄▄▄██████▄██▀▄██▀ ▀███▄▀▀███████▀▀▄███▀ ▀████▄▄▄▄▄▄▄████▀ ▀▀███████▀▀ | | OFFICIAL PARTNERSHIP SOUTHAMPTON FC FAZE CLAN SSC NAPOLI |
|
|
|
|
nakamura12
|
|
October 04, 2019, 09:33:59 PM |
|
A very serious bug we do have here knowing that past exploits towards Android OS does only mention on app access and getting some back door permissions but this one can potentially to fully control ones device which is really very dangerous.Trying to look out on the list of Phones and luckily my Xaiomi Black shark isnt included but this is still worried some.For security purposes im not even doing mobile banking nor installing any crypto wallet on my phone due to this possible reason.
My phone is also not list and you are right we can't help but worrying about our phones. Even though some phones are not in the list that doesn't mean it can't be exploited by bugs. It could be possible but let's hope that it won't happen in other mobile devices just like what happens to those devices that are in the list.
|
|
|
|
boyptc
|
|
October 04, 2019, 10:56:03 PM |
|
That gave me fear when I've seen 'android' however I've looked into the list and my phone's brand is there but luckily the model isn't there. Although right now, I'm still not confident after seeing this news.
|
|
|
|
Bitcoin_Arena
Copper Member
Legendary
Offline
Activity: 2128
Merit: 1814
฿itcoin for all, All for ฿itcoin.
|
|
October 04, 2019, 11:07:10 PM |
|
That's quite sad. Imagine flagship phones backed by google also being in the same list. =This just goes to show you that no system is totally secure. There is always away hackers will find to access and attack it.
Also always installing security patch updates is very important in keeping one's device secure.
|
|
|
|
smyslov
|
|
October 05, 2019, 02:59:01 AM |
|
Damn my phone is on the list I would l have to uninstall applications my son installed mostly gaming applications, since there is a warning sign, Google play store should do a lot of verification on what applications should be on their store, people downloading those applications will have a hard time discerning they only depend on reviews and some of these reviews are fake.
|
|
|
|
Mahanton
|
|
October 05, 2019, 11:31:30 AM |
|
Damn my phone is on the list I would l have to uninstall applications my son installed mostly gaming applications, since there is a warning sign, Google play store should do a lot of verification on what applications should be on their store, people downloading those applications will have a hard time discerning they only depend on reviews and some of these reviews are fake.
Not all on google playstore arent safe.Just take for example where it do ask out permissions of the app that can alter/modify/check your personal info and other things on your phone which is already worry some thing.Fake app reviews can easily be spotted out and anytime you do make downloads always check out their asked permissions and if you do find out that it isnt necessary or already going overboard then better not to proceed on. My phone is also not list and you are right we can't help but worrying about our phones. Even though some phones are not in the list that doesn't mean it can't be exploited by bugs. It could be possible but let's hope that it won't happen in other mobile devices just like what happens to those devices that are in the list.
Any device that do have internet connection would really be prone up to these hacks and exploits.So your self common sense would be a great weapon even we arent that tech savvy.
|
|
|
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | | | 4,000+ GAMES███████████████████ ██████████▀▄▀▀▀████ ████████▀▄▀██░░░███ ██████▀▄███▄▀█▄▄▄██ ███▀▀▀▀▀▀█▀▀▀▀▀▀███ ██░░░░░░░░█░░░░░░██ ██▄░░░░░░░█░░░░░▄██ ███▄░░░░▄█▄▄▄▄▄████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | █████████ ▀████████ ░░▀██████ ░░░░▀████ ░░░░░░███ ▄░░░░░███ ▀█▄▄▄████ ░░▀▀█████ ▀▀▀▀▀▀▀▀▀ | █████████ ░░░▀▀████ ██▄▄▀░███ █░░█▄░░██ ░████▀▀██ █░░█▀░░██ ██▀▀▄░███ ░░░▄▄████ ▀▀▀▀▀▀▀▀▀ |
| | | | | | .
| | | ▄▄████▄▄ ▀█▀▄▀▀▄▀█▀ ▄▄░░▄█░██░█▄░░▄▄ ▄▄█░▄▀█░▀█▄▄█▀░█▀▄░█▄▄ ▀▄█░███▄█▄▄█▄███░█▄▀ ▀▀█░░░▄▄▄▄░░░█▀▀ █░░██████░░█ █░░░░▀▀░░░░█ █▀▄▀▄▀▄▀▄▀▄█ ▄░█████▀▀█████░▄ ▄███████░██░███████▄ ▀▀██████▄▄██████▀▀ ▀▀████████▀▀ | . ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀ ███▀▄▀█████████████████▀▄▀ █████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀ ███████▀▄▀██████░█▄▄▄▄▄▄▄▄ █████████▀▄▄░███▄▄▄▄▄▄░▄▀ ████████████░███████▀▄▀ ████████████░██▀▄▄▄▄▀ ████████████░▀▄▀ ████████████▄▀ ███████████▀ | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀▄▄███████▄▄▀███▄ ▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄ ▄██▀▄███░░░▀████░███▄▀██▄ ███░████░░░░░▀██░████░███ ███░████░█▄░░░░▀░████░███ ███░████░███▄░░░░████░███ ▀██▄▀███░█████▄░░███▀▄██▀ ▀██▄▀█▄▄▄██████▄██▀▄██▀ ▀███▄▀▀███████▀▀▄███▀ ▀████▄▄▄▄▄▄▄████▀ ▀▀███████▀▀ | | OFFICIAL PARTNERSHIP SOUTHAMPTON FC FAZE CLAN SSC NAPOLI |
|
|
|
akram143
Full Member
Offline
Activity: 1106
Merit: 166
★777Coin.com★ Fun BTC Casino!
|
|
October 05, 2019, 12:35:32 PM |
|
Damn my phone is on the list I would l have to uninstall applications my son installed mostly gaming applications, since there is a warning sign, Google play store should do a lot of verification on what applications should be on their store, people downloading those applications will have a hard time discerning they only depend on reviews and some of these reviews are fake.
Play protect doesn't check all the concerns of their terms while apps updated,they will take a look into it only if they got some complaint from the users recently many most downloaded apps also removed from play store due to privacy issues so you need to careful while clicking the approval things of any apps your are going to install,if its asking for unnecessary things then uninstall it at the first step.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3416
Merit: 6149
Crypto Swap Exchange🈺
|
|
October 05, 2019, 12:44:00 PM |
|
Remember not to hastily download and install unnecessary and malicious apps from a third party app stores. Always think before you click.
It should be common practice to download apps only from Google Play Store, and to check all available information about apps we want to install. In most cases users can prevent any damage if they make small research and google key words. It is bad for some users that patch for this exploit will not be available at all, or it will come with delay. This is reason to get some new model of phone, they get updates first. For example Huawei will update their smartphones with Android 10 in November 2019, starting with P30/pro, but some other Huawei models will get Android 10 in Q2 2020. Personally, I prefer to keep as little confidential information as possible on my smartphone, no matter what, operating systems are like Swiss cheese - full of security holes waiting for someone to discover them.
|
|
|
|
hugeblack
Legendary
Offline
Activity: 2688
Merit: 3969
|
|
October 05, 2019, 01:19:35 PM Last edit: October 05, 2019, 01:41:41 PM by hugeblack |
|
Most of these vulnerabilities require additional components to work successfully, such as adding or connecting to a hard drive or installing/running a program. So you will be safe as long as you save your phone in a safe place and did not download a lot of applications or applications that are not trusted the source. Downloading apps from Google play doesn't mean it's safe + phones are not designed to be a permanent wallet/contain a lot of money "because they need to connect online a lot of times."
|
|
|
|
rocku12345
|
|
October 05, 2019, 03:18:31 PM |
|
AOSP Android kernel versions 3.18, 4.4 and 4.9 Only these versions of kernel are safe as I have understood from the link above. I still use my old LG G3s and seems it is a subject to be a bit worried. On stock firmware 5.02 i see Kernel version 3.40+... Will it be enough to download updated Chrome in future or I have to change my firmware/phone ? Google based browser has a good feature to connect passwords with many devices, but is it safe to use now before update, hmm.
|
|
|
|
Velkro
Legendary
Offline
Activity: 2296
Merit: 1014
|
|
October 06, 2019, 12:11:12 AM |
|
Here are the affected Android Mobile Phone Models: - Pixel 1
- Pixel 1 XL
- Pixel 2
- Pixel 2 XL
- Huawei P20
- Xiaomi Redmi 5A
- Xiaomi Redmi Note 5
- Xiaomi A1
- Oppo A3
- Moto Z3
- Oreo LG phones
- Samsung S7
- Samsung S8
- Samsung S9
This is big news and shows one more time that nobody should keep on mobile phone big amount of BTC. Keeping crypto offline is the way to go, you must treat then physical security seriously rather than internet/computer security which is hard also but whole different topic. Whatever you will chooose physical or internet security do it good, do not include mobile phone in this
|
|
|
|
peter0425
Sr. Member
Offline
Activity: 2828
Merit: 458
Vave.com - Crypto Casino
|
|
October 06, 2019, 12:38:16 AM |
|
Luckily I’m not android user lol 😂😂😂
But this will take effect to my sons Mobile so thanks for the sharing OP this is a big help as there’re lots of Android users worldwide
Another thing since you have the list meaning other Android that wasn’t on the list are safe from this!?like lower models and higher?
|
|
|
|
finzyoj
Sr. Member
Offline
Activity: 644
Merit: 255
CryptoTalk.Org - Get Paid for every Post!
|
|
October 06, 2019, 08:30:13 AM |
|
OMG! Honestly I'm planning to buy one of the Redmi Note series this upcoming December (just a Christmas gift for myself) if I am able to save sufficient money to buy one. But now, I'm hesitating whether I will buy even any of those Xiaomi smartphones or not. I really like Xiaomi because it was cheap with high quality — a true flagship killer, but if it could be a threat for my security then I'll pass. This news made me realized that there are still advantages for having an outdated phone , probably I'll keep using it for the meantime or maybe search for a better brand.
|
|
|
|
abel1337
Legendary
Offline
Activity: 2492
Merit: 1145
Enterapp Pre-Sale Live - bit.ly/3UrMCWI
|
|
October 06, 2019, 08:42:54 AM |
|
OMG! Honestly I'm planning to buy one of the Redmi Note series this upcoming December (just a Christmas gift for myself) if I am able to save sufficient money to buy one. But now, I'm hesitating whether I will buy even any of those Xiaomi smartphones or not. I really like Xiaomi because it was cheap with high quality — a true flagship killer, but if it could be a threat for my security then I'll pass. This news made me realized that there are still advantages for having an outdated phone , probably I'll keep using it for the meantime or maybe search for a better brand. This ain't gonna hinder you from buying those xiaomi phones, It's just better to avoid those model which is on the list. There are many xiaomi Redmi series that aren't included in the list. As OP's statement said, Google releases a patch to the affected devices. The device on the list didn't receive any updates. I'm sure another xiaomi phone would not have this issue especially they are rising up and establishing their good reputation in the market. This case can happen on most of the android devices, Just be careful on what you are browsing or downloading. As time passes the ethical way to hack the phones is getting stronger.
|
|
|
|
joniboini
Legendary
Offline
Activity: 2366
Merit: 1805
|
|
October 06, 2019, 11:53:17 AM |
|
OMG! Honestly I'm planning to buy one of the Redmi Note series this upcoming December (just a Christmas gift for myself) if I am able to save sufficient money to buy one.
If you read it carefully, you'll know how to avoid the bug just in case there is no way to fix it. It's not like your phone will go nuts only because it has a buggy kernel. Don't fall for the headline. It's misleading if you don't read the full news. Another thing since you have the list meaning other Android that wasn’t on the list are safe from this!?like lower models and higher?
Read the news, and you'll know the answer. Will it be enough to download updated Chrome in future or I have to change my firmware/phone ? Google based browser has a good feature to connect passwords with many devices, but is it safe to use now before update, hmm.
Updating the kernel would be the best choice. If your provider didn't provide an update for that, either you buy a new device or stop using Chromium if you're paranoid.
|
| CHIPS.GG | | | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀░▄░▀▀▀▀▀░▄░▀███▄ ▄███░▄▀░░░░░░░░░▀▄░███▄ ▄███░▄░░░▄█████▄░░░▄░███▄ ███░▄▀░░░███████░░░▀▄░███ ███░█░░░▀▀▀▀▀░░░▀░░░█░███ ███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░███ ▀███░▀░▀▄██▀░▀██▄▀░▀░███▀ ▀███░▀▄░░░░░░░░░▄▀░███▀ ▀███▄░▀░▄▄▄▄▄░▀░▄███▀ ▀████▄▄▄▄▄▄▄████▀ █████████████████████████ | | ▄▄███████▄▄ ▄███████████████▄ ▄█▀▀▀▄█████████▄▀▀▀█▄ ▄██████▀▄█▄▄▄█▄▀██████▄ ▄████████▄█████▄████████▄ ████████▄███████▄████████ ███████▄█████████▄███████ ███▄▄▀▀█▀▀█████▀▀█▀▀▄▄███ ▀█████████▀▀██▀█████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀████▄▄███▄▄████▀ ████████████████████████ | | 3000+ UNIQUE GAMES | | | 12+ CURRENCIES ACCEPTED | | | VIP REWARD PROGRAM | | ◥ | Play Now |
|
|
|
nakamura12
|
|
October 06, 2019, 03:04:11 PM |
|
Updating the kernel would be the best choice. If your provider didn't provide an update for that, either you buy a new device or stop using Chromium if you're paranoid.
Fair point. Well, there is a way to prevent getting scam if your mobile device is in the list and all you have to do is never use that mobile device when accessing your wallet that can compromise your account. Don't use it for crypto purposes and not getting scammed because of a bug.
|
|
|
|
|