[Q] Hotfixes on Antivirus Apps--how accurate? - General Questions and Answers

Couple questions here.
360 Mobile Security gets plenty press by claiming it provides hotfixes. I haven't noticed new ones since 2012. I've noticed the same hotfixes offered to users upon installation of the app put onto any android I've observed to date. Obviously we're well into KitKat now, so are these hotfixes redundant by now due to upgraded systems since then? If not, then why haven't these issues been resolved with carrier or custom firmware by now? still claim to be exploits that your android needs even on the most recent phones. They explain what kind of exploits they'e patching, but not referencing the specific alleged exploit.
For older phones not yet rooted, does CM Security and/or 360 Security fix the MasterKey exploit and other older ones now fixed by JB 4.3 and KitKat? They don't mention that they do, yet they may do so. They also do not discuss whether they address dirty USDD issues, etc.
Thanks for any responses.

Related

JB rant and options ?

I cannot believe the state of JB. Its beta software at best, IMHO.
Example, when typing in a gmail body, if you backspace, the cursor loses its position in the text. And there are issues with inserting new paragraphs and such. These are elementary programming bugs. How long did they test JB before they pushed it to the servers ?
Someone needs to push out an upgrade for JB ASAP. I suspect that ASUS pushed JB out prematurely to capture better Christmas sales. If they don't issue an update its going to backfire on them.
Is there an Android repository somewhere that has global updates, not just ASUS updates ?
I'm new to the whole Android scene. I'm an experienced Linux user.
Why is Android not rooted from the get go ?
Why does hardware come locked down ?
I think Android would be a lot better OS if Google et al opened things up and made it easier for developers to contribute to it, especially prior to the major releases.
Companies want to sell devices. Why do they need to lock the OS to the device ? They already have the OS locked to the device by only supplying proprietary drivers to the OS of their liking. I understand that you might get users harming the hardware by doing illegal things, turning up the cell radio transmitter power, anyone ? But short of that, how is a smart phone different from a PC or laptop where you can easily do what you want with the OS ?
I think JB would be a better product if it was more open and everyday people contributed to its development. Imagine how much better it would be if it followed the Fedora development process whereby a few rcs were released prior to putting it into "stable".
And we could spend our time logging and fixing bugs instead of fooling around with figuring out to unlock, root and flash devices. It would be a win-win for everyone. What Google is doing now is akin to if Fedora (Ubuntu) closed their development process.
I think that Google is afraid that Android is going to get forked in some direction it doesn't like. However, if they keep going the way they are, its almost certain that will be the case anyway.
/rant
I find the wireless router industry fascinating. What does Cisco have to lose by allowing users to flash whatever they want on their hardware ? They have the best of both worlds right now... sell routers locked down for the average person and yet everyone knows how to flash them to build super routers. I think this is the direct the open handset people need to go.

Major Security Bug, or Universal Root?

http://www.huffingtonpost.co.uk/2013/07/04/bluebox-android-security-bug_n_3545216.html
So we have a bug present in virtually all of the Androids. Everyone's talking about the security risks, but all I can think of is that it would be an excellent method to root my otherwise unrootable phone (Softbank 201M; Japanese Razr M).
I imagine some slight tailoring may be required to get this to work on different phones (changing which App is replaced, version numbers, etc), but that would be basic, compared to the code base itself.
Has anyone actually started exploiting this for good instead of evil? I'm wondering if this is something I should try to do myself, or if it'd be better to just let someone with more free time do it first.
Omegaclawe said:
http://www.huffingtonpost.co.uk/2013/07/04/bluebox-android-security-bug_n_3545216.html
So we have a bug present in virtually all of the Androids. Everyone's talking about the security risks, but all I can think of is that it would be an excellent method to root my otherwise unrootable phone (Softbank 201M; Japanese Razr M).
I imagine some slight tailoring may be required to get this to work on different phones (changing which App is replaced, version numbers, etc), but that would be basic, compared to the code base itself.
Has anyone actually started exploiting this for good instead of evil? I'm wondering if this is something I should try to do myself, or if it'd be better to just let someone with more free time do it first.
Click to expand...
Click to collapse
Vulnerabilities leading to root are always a security risk. Problem with this one, is it can be possible to pull off without the user directly knowing what is going on. Bluebox security has not released details, but as soon as they do I am sure we will start seeing some roots based off it.
Now, what is this about Softbank 201M and Japanese Razr M not being rootable? Do you have either of these phones or their firmware?
jcase said:
Bluebox security has not released details, but as soon as they do I am sure we will start seeing some roots based off it.
Click to expand...
Click to collapse
This. I'm sure we'll be seeing a flood of rooting methods based off the Bluebox discovery, given that they say this flaw is present as far back as Donut.
The Thanks button is just to avoid "THANKS" posts in threads. Nothing more. Don't defeat the purpose of why it was introduced.
jcase said:
Vulnerabilities leading to root are always a security risk. Problem with this one, is it can be possible to pull off without the user directly knowing what is going on. Bluebox security has not released details, but as soon as they do I am sure we will start seeing some roots based off it.
Now, what is this about Softbank 201M and Japanese Razr M not being rootable? Do you have either of these phones or their firmware?
Click to expand...
Click to collapse
The 201M is the Japanese Razr M. I do indeed own the phone, and the firmware (at least the old version) is available in the Razr M forum. I've spent a lot of time trying and modifying different root methods to work with it, and nothing has worked so far. Haven't gone far enough to really risk bricking my phone, though (like trying to install the Verizon firmware and root that). No one has yet found a root for it, though. Possibly due to a lack of developers; possibly due to Softbank waiting months after the release of updates in the US to find the root methods and break them before release (such as destroying the entire ADB backup to make that root method fail). As you might imagine, it's somewhat frustrating. Doesn't help that there's a lack of developers with the specific version that know much about rooting at all.
Even tried the Japanese sites. No luck.
Omegaclawe said:
The 201M is the Japanese Razr M. I do indeed own the phone, and the firmware (at least the old version) is available in the Razr M forum. I've spent a lot of time trying and modifying different root methods to work with it, and nothing has worked so far. Haven't gone far enough to really risk bricking my phone, though (like trying to install the Verizon firmware and root that). No one has yet found a root for it, though. Possibly due to a lack of developers; possibly due to Softbank waiting months after the release of updates in the US to find the root methods and break them before release (such as destroying the entire ADB backup to make that root method fail). As you might imagine, it's somewhat frustrating. Doesn't help that there's a lack of developers with the specific version that know much about rooting at all.
Even tried the Japanese sites. No luck.
Click to expand...
Click to collapse
if u can get the recovery out then it is possible to root the device

Is there a method for patching the Stagefright vulnerability on Android 4.3 Touchwiz?

I know I could switch to an AOSP ROM and this would not be an issue, but I can't abide the poorer signal quality. I don't know if Samsung has said whether they'll be issuing a patch for the GS3, but even if they do, we'll need to wait, probably months, for Verizon to pass it on to us. Even when that happens, it will probably come packaged with a locked bootloader, like the 4.4 update. I've already disabled auto-retrieve MMS, but from what I understand, MMS is only one possible attack vector for this vulnerability. So, is there any method available to patch this security hole for those of us who have an unlocked bootloader and are on a Touchwiz 4.3 ROM (I'm on CleanROM 8.2). I've read that it would be possible to write an Xposed module could conceivably do this, but none exists yet.
Hopefully the new Nexus phones will work on Verizon...
Jacquestrapp said:
I know I could switch to an AOSP ROM and this would not be an issue, but I can't abide the poorer signal quality. I don't know if Samsung has said whether they'll be issuing a patch for the GS3, but even if they do, we'll need to wait, probably months, for Verizon to pass it on to us. Even when that happens, it will probably come packaged with a locked bootloader, like the 4.4 update. I've already disabled auto-retrieve MMS, but from what I understand, MMS is only one possible attack vector for this vulnerability. So, is there any method available to patch this security hole for those of us who have an unlocked bootloader and are on a Touchwiz 4.3 ROM (I'm on CleanROM 8.2). I've read that it would be possible to write an Xposed module could conceivably do this, but none exists yet.
Hopefully the new Nexus phones will work on Verizon...
Click to expand...
Click to collapse
I highly doubt there will ever be a patch for older devices. Unless of course someone creates a rom with the newest patch built in. The Nexus devices just got the latest Google images which has the Stagefright patch in it. The Nexus 6 works on big red, who knows about future devices. I personally love my N5 and it will never work on big red
Sent from my Nexus 5
ShapesBlue said:
I highly doubt there will ever be a patch for older devices. Unless of course someone creates a rom with the newest patch built in. The Nexus devices just got the latest Google images which has the Stagefright patch in it. The Nexus 6 works on big red, who knows about future devices. I personally love my N5 and it will never work on big red
Sent from my Nexus 5
Click to expand...
Click to collapse
Yeah, my backup plan in case neither of the new Nexus devices comes out on Verizon is to pick up a current Nexus 6, or maybe even switch to Windows Phone. It's becoming clear that Samsung's (and pretty much every other Android phone vendor's) solution to security holes on "older" phones is "buy a new phone".
Jacquestrapp said:
Yeah, my backup plan in case neither of the new Nexus devices comes out on Verizon is to pick up a current Nexus 6, or maybe even switch to Windows Phone. It's becoming clear that Samsung's (and pretty much every other Android phone vendor's) solution to security holes on "older" phones is "buy a new phone".
Click to expand...
Click to collapse
That's very true. Honestly I wouldn't take any OTAs on VZW even on a nexus device. They have a way of royally messing up every thing they touch
Sent from my Nexus 5

Should I update?

Nothing is broke, I dont see why I should update. I've learned my lesson about updating when everything is working fine. I'm on Tmobile with an unlocked N10+.
Updates are more likely to bring improvements than problems. And without updates, you have no protection from newly discovered security vulnerabilities. So I'd recommend updating unless you're ok with the possibility of someone remotely and covertly taking over your phone.

Question March Firmware?

Has anyone received the March firmware yet (US, unlocked)? Given that the patches for the massive baseband vulnerabilities are included in the March version, I was hoping Samsung would get it out ASAP, but still nothing on my end. Wanted to see if I was alone in this?
For that matter, did anyone ever receive an update in February for this phone? The last update I've got is for the January Security patch (also brought OneUI 5.0 to the phone).
A535E with March here, but from what i know, those vulnerabilities will be fixed with April release.
I believe I saw an article somewhere that said you can turn off WiFi calling on your device to protect yourself from the vulnerabilities until the patch to fix is released.
nsfxpython said:
I believe I saw an article somewhere that said you can turn off WiFi calling on your device to protect yourself from the vulnerabilities until the patch to fix is rereleased
Click to expand...
Click to collapse
And then there was an article like it may have been patched already or something.
Use it or don't. Whatever
I'm keeping mine on.
@tmeader
Updates with Samsung happen when they happen no matter what one you get. Some may be worse than others depending on what holds them up. Its all kind of random though. Unlocked doesn't mean much for timing.
Unfortunately disabling WiFi calling doesn't actually negate the issue. You'd have to turn off both WiFi and LTE (which is now basically impossible to do in the US) to protect yourself properly. I was just hoping that Samsung would try to speed things up given that its an issue explicitly with their modem hardware.
tmeader said:
Unfortunately disabling WiFi calling doesn't actually negate the issue. You'd have to turn off both WiFi and LTE (which is now basically impossible to do in the US) to protect yourself properly. I was just hoping that Samsung would try to speed things up given that its an issue explicitly with their modem hardware.
Click to expand...
Click to collapse
Yeah, was just going to say that. Forgot that's actually why I wasn't turning it off. Doing so won't necessarily help in this case.

Categories

Resources