[SECURITY] Should Carriers Recall Phones with Serious Security Vulnerabilities? - General Topics

On July 21st, Zimperium Mobile Security group dropped word of the most pervasive and threatening Android vulnerability discovered to date: Stagefright. With the ability to remotely execute commands on an Android phone just by sending an MMS media message to an unprotected phone number, Stagefright is a rare exploit offering the entire keys to a user's castle. The fallout over the past few weeks has been swift, with Google moving rapidly to patch the underlying Android system vulnerability and push updates to manufacturers. Problem solved.
Except for the multi-millions of Android owners still using older phones which are no longer supported with regular system updates from their carrier. Currently, there is no plan from major cellphone manufacturers nor the telecom carriers to protect Android owners who still operate older model phones. This protection gap also extends into no-contract cellphone resellers who cannot pass through regular system updates. As such, there are currently a substantial number of Android owners who are not protected from Stagefright and the potential for having personal data monitored and stolen.
Given the severe implications of identity theft, financial loss, or personal embarrassment and endangerment due to the exposure of private information, have we arrived at a point when digital data security must be considered a matter of consumer safety? It is well established that car manufacturers must recall certain models due to defective parts or systems which endangered lives. Therefore, should phone carriers then also be expected to issue phone recalls when a serious security exploit is identified?
There are some past examples of phone carriers issuing recalls for defective batteries or total system faults that render phones inoperable, but no significant instance of a recall for a security-related vulnerability. At best, carriers could take the initiative to implement low-cost phone exchange programs with no additional service obligation for users with outdated phones. Meanwhile, phones with current Android versions can largely be patched through ongoing updates. At worst, carriers can continue to place the greater burden of data security onto individuals and abuse emerging security vulnerabilities as a marketing device to drive more purchases of their newer devices. Regardless of how much or little of the cost carriers will assume, the stakes for personal data security will only continue to grow.

Related

Do consumers need protection from firmware/software bugs?

I get annoyed when I buy a phone or piece of software only to find I need to wait for firmware or other patches to fix it.
Microsoft have got away with it for years.
Take the magician, T-mobile say now no further upgrades. How easy would it be to add native a2dp, it claims bluetooth 1.2
The universal no working fax s/w, modem drivers, native usb disk drivers as opposed to active sync. No a2dp
Avantgo and other s/w not working on the supplied t-mobile build requiring a firmware upgrade and newer version of wm5 from t-mobile.
What constitutes a working device? How many of you have had to use hacked or ftp'd ROMs to get a stable device, no memory leaks.
How many people have bought a web camera or printer only to find that the latest Windows version does not have a driver, and the manufacturer won't supply one?
I think under environment and disposal laws, manufacturers should be made to support the devices for at least 5 years.
Consumers invest money and expect some care for their hard earned $.
I think there should be a better enforced 'suitability for intended purpose' on electronic equipment... we are unlucky with PPCs in that they are such an emerging technology right now, so they are full of bugs.
It is a valid issue you've raised.
The problems inherent in rushing a product to market are as old as the capitalist system!
If a company delays too long trying to get all the bugs out of a product they risk being beaten to the market by a competitor ... which is apparently bad. We have seen cases where superior hardware platforms have failed because they took too long to get to market, and software development was all committed to the first product, even though it was far inferior.
Continued development for an old product is less profitable than releasing a new product.
The irony is that companies can get away with releasing new products which have MORE bugs than the old one ... and people will actually pay money to upgrade. Often because they are attracted by features that they don't need, and which aren't properly implemented anyway.
But new or 'upgraded' laws will never stop this. Companies regularly break laws with little concern because they know that they can reap large profits which will offset the problems that may arise IF they are caught.
A perfect example of this is the body of laws governing the environment and abuse of it for dumping etc.
Companies react much more readily to market forces ... really bad publicity will do more to change a company's activities than laws. Look at Sony and their lovely little rootkit.
And the majority of consumers are simply apathetic.
At the risk of inflating egos ... people who can actually be bothered to seek out and participate in a forum like this are the elite. To actually consider flashing a new ROM onto your device is a concept that most members of the public would find overwhelming.
Blogs, webforums, and participating in projects like those carried out by XDA-DEV are more likely to impact on the future of Pocket PC's than laws which are unlikely to be written, and if they are, won't be enforced properly anyway.
That is true... it would be nice to think that perhaps the developers of Windows CE visit this site and learn from what the greatest members of this community have achieved.

If Google are to 'license' manufacturers' use of Android...

They should also make sure that manufacturers commit to an update schedule. In the heady world of phones, technology moves quickly, so to ensure consumer buying confidence they should commit to a timetable of Android updates to ensure that all that goodiness on your phone can actually be used efficiently.
Just my 2c.
Yup, agree... but requiring and enforcing are 2 different things...

[Q] PHONE SIM banned from TABLET use

Why do mobile companies restrict the use of SIM cards from phones from being used in tablets?
While phones were mostly less powerful than the new tablet devices and the larger screens meant there was a greater data demand by tablet devices, this is certainly no longer the case.
Phones are now more powerful than most tablets and the rest are simply equal. Processors are quad core clocked at similar speeds, if not higher speeds, the working memory is again the latest 1-2Gb configuration with 16-32GB internal NAND flash memory. With phones having the latest 128GB external SDXC memory support to complement the superior camera resolutions of 22 megapixels. Cloud services are now just beginning to gear themselves up to cope with this data interchange whereas tablets still have only modest cameras. Phones do now have front and back facing cameras and the similarities continue to converge.
But crucially the screen resolution has become irrelevant because of technical innovation and it is common sense the data is sent highly compressed through the Internet where it is decompressed and interpolated to match the local screen resolution by the local graphics processing unit, GPU. This item is again of superior design, as a matched technology to the central processing unit, CPU where the mobile phone market is concerned. Both CPU and GPU are expected to have multiple cores to improve performance and the designs are optimised to consume as little power as possible. A great advantage for a mobile phone. The competition leads to great performance in wider world applications and this is the reason for the extreme competition that has been encouraged in the mobile phone marketplace. But of course we, the public, are paying for this R&D whereas it used to be hideously expensive top secret military R&D budgets. The senate was worried about the cost of a hammer and a handful of screws at one stage.
There has been a complete change in the definition of mobile phone and tablet where the OS is now exactly the same for each, being Android 4.x.x.
So why are telcos forcing people to purchase a separate SIM for each device? I am disabled. I need specialist communication software to assist me in communicating when I am travelling. For this the tablet is better. But while at home or when meeting friends during the evening the mobile phone is the better option. But the telcos refuse to let me use the same SIM in both devices. I cannot use both devices at the same time so I don't see the logic behind this situation.
The situation continues because the telcos think we cannot see they are continuing to enforce this barrier so that they can make a greater profit from users. Please help get people to recognise the false pretence that prevents us all from exercising a freedom of choice to use either device according to our intended purpose without the need to purchase separate SIMs. After all, because I can only use one device at a time why am I forced to pay for two 3G or 4G contracts with separate data components?
I don't see any common sense in this situation and I do think we are all being ripped off by this legacy programmed system restriction.
And I did install the phone SIM in my tablet after being told by the telco staff it was OK, where it worked happily for approx 12 hours. Later when I enquired how I could set up the voicemail and SMS services an arrogant technician then told me I could not install this SIM into a tablet, followed rather weakly by, it will stop working after a time.
Given the conflicting statements and the fact the SIM was working when I was being told it would not work I question the reality of the reason for it not working. It may be recognised by a systematic ID check. But the blocking of the data services after an arbitrary period of time raises the question, "Why shouldn't a SIM now work regardless of whether it is a phone SIM or a tablet SIM?"
The legacy rationale a history of tablets as they were originally a platform for advanced circuitry and software to be released and the resulting extra data demand to their internet connection lasted only as long as the phone market had not become so competitive that their technical facilities raced ahead of tablets. In fact the technological improvements in hardware and software have brought both devices to an equal status where users can choose the device according to the context of their intended purpose. So much so that having more than one device to suit practical applications in varied social settings with no impact on the data portion of their respective uses. Example, you can now watch films or TV series while commuting. Preferable to use a smartphone here. But you can continue exactly where you left off on a tablet or even a smart TV! The data compression and local pixel mapping to suit the resolution of the device is done locally and absolutely without any impact upon the data demand or stream.
There is no reasonable argument to continue differentiating between Phones and Tablets other than to enforce an obsolete regimen and to unfairly extract money from phone and tablet users who unwittingly pay twice for the same telephone and data services! Copyright(CC) Arclite 13-03-2015
I swap my SIM between my phone and my tablet several times a day. Never had a problem with it...

Android tablets in the enterprise-- how long before they should be replaced?

Greetings all,
I have been unable to find any sort of best practices for this, on this or any other site, so I hope you can provide some insights.
My company has just started to deploy Android tablets to users in the field and I am looking for guidance on the recommended replacement/retirement interval for standard consumer-level Android tablets. For standard desktops and laptops this interval would typically be 3 or 4 years, but given how quickly the Android OS changes and how quickly a device may be obsoleted by virtue of end-of-life or lack of ongoing OS upgrades I would assume that the effective lifespan of a tablet would be shorter than that, not to mention that these are going to be used by non-technical people who may not be treating them as electronic devices but more like paperbacks that run on batteries.
Already we are seeing devices coming back in for repair due to forced charging cable insertions and/or bent micro-USB connectors, as well as the standard cracked screens and such, so these may end up being destroyed before their expected usefulness has been achieved, and as much as we have made the case to management that we ought to be deploying ruggedized devices supported by enterprise-level MDM, they insisted on launching with Samsung Tab S2's and SOTI Mobicontrol for MDM.
So, choice of device and MDM aside, when would you, if you were administering this deployment, plan on refreshing the devices in the field? That is, taking the old ones back in and providing all-new ones before they begin to show age (not wear) related problems? Accounting can write them off over any interval but we want to replace them before the support becomes too burdensome and the devices too unreliable (affecting productivity).
2 years? 3? Something else?
Many thanks,
Matt

Business Security: A Top Priority

One of your top priorities at your company should be your data security. No matter what you do in your line of business, there will always be people out there trying to steal information, especially if you are storing client data they can use to their advantage. You may not even realize that you could be penalized if you aren’t protecting customer information as actively as the government thinks you should, so there is even more reason to ensure your security is managed properly. Fortunately, you can use a managed IT security service to take care of it for you.
Wendy’s learning the hard way
Wendy’s recently opened an investigation into a potential security threat and has hired a security firm to look into the issues to determine the problem and how to fix it. Apparently, there were cards used legitimately at Wendy’s and then later used for fraudulent charges elsewhere, according to NBC News. Wendy’s is unsure of what exactly happened and is hoping for a quick investigation, so the problem can be resolved. Rather than being reactive in situations like this, it is much better if you are proactive and protect from loss of private data in the first place.
Similar thefts have been happening at many major corporations, including a high profile one at Target and one at Home Depot. It seems that many companies that think they are protected end up being less protected than they think when it comes down to it and they have to prove themselves. Don’t be like the other guys. Set yourself apart by getting your security taken care of right now.
Staying above the law
When it comes to protecting consumer information, the government is very strict, especially when it comes to the healthcare and banking industry. It is your responsibility to know the laws associated with your industry and ensure all your information is being stored and processed as it should be, which is one way a managed IT security service can help you.
Get your business security on track
If you need to get your business security on track, the best way to go is to work with a managed IT security service. This kind of service can come in, survey your current system, look for any holes, and work with you to determine the best security possible for your line of work. This will include discussions about legalities when securing customer information as well as finding any kind of current holes in the system. A managed IT security service is a top priority and will be proactive to prevent little things from falling through the cracks that you never expected.
IT news brought to you by intrinium.com
Source: nbcnews.com/business/business-news/wendy-s-looks-possible-security-breach-after-credit-card-fraud-n505231
Great Post
Business security is extremely crucial. With the emergence of BYOD and mobile apps, it is a challenge for developers to continuously provide an extremely secure platform to protect sensible information.
Look at security measures that you cannot ignore:<mod snip>
