Long Story short: Qualcomm chipsets/software have a bug which can let hackers take over the data on your phone .. and it looks like our phones may still have that vulnerability.
Can anyone else confirm this ?
Source: http://www.bbc.com/news/technology-37005226
App to check vulnerability : https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter
Related
Hello Desire S community, im going to updated my old desire for a Desire S next week ( yeah SGS2 is like a 2nd wallet on my pockets too big for me ) and i would like to ask if recent devices are affected by eMMC bad chips ? Is there a version 2 of the hardware already ?
Regards
Yekxmerr said:
Hello Desire S community, im going to updated my old desire for a Desire S next week ( yeah SGS2 is like a 2nd wallet on my pockets too big for me ) and i would like to ask if recent devices are affected by eMMC bad chips ? Is there a version 2 of the hardware already ?
Regards
Click to expand...
Click to collapse
I am curious to see some comments
I think XDA don't have this kind of Info yet. I'll try to get the newest device i can and i'll report it in this thread later.
Mine is waiting for motherboard replacement.but the local service center has no stock and they are going to ship it from Taiwan...it should be using the latest batch.will see what chip is being used in it though
How would you go about finding out what chip you have?
Trialsin said:
How would you go about finding out what chip you have?
Click to expand...
Click to collapse
you need to run this harmless read-only command from within terminal on the device or from adb on your PC (with device attached - and correct drivers installed) see links in my sig.
Code:
cat /sys/devices/platform/msm_sdcc.2/mmc_host/mmc0/mmc0:0001/name
Only able to get the phone with a bad chip stops me from buying Desire S. We'll have to buy Google Nexus S.
memtew said:
Only able to get the phone with a bad chip stops me from buying Desire S. We'll have to buy Google Nexus S.
Click to expand...
Click to collapse
We'll my phone has a so-called bad chip and I've had it since April (over six months) and it's still up and running, you just mustn't do daft things like pull battery etc....although I did that many times, before the community discovered that it was so risky!
There are guides on what best to do, in order to avoid the chance of any issues!
If you did "fry the eMMC chip" there is still some possibility of a warranty return.
Is there actually any evidence that it is a particular type or brand of eMMC chip that causes the problem?
My engineering experience would lead me to also look for a weakness in the design of some associated circuit (i.e. locking out write ability to the chip when battery voltage is below usable value).
- Steve
fasty said:
Is there actually any evidence that it is a particular type or brand of eMMC chip that causes the problem?
My engineering experience would lead me to also look for a weakness in the design of some associated circuit (i.e. locking out write ability to the chip when battery voltage is below usable value).
- Steve
Click to expand...
Click to collapse
Yes if you look here in the forum you'll find the names of the bad chips.
Hey,
just want to inform you, that 2.31 is vulnerable to a remote reset, too.
I tested it via stock browser and Firefox (beta).
Wait for a fix or read here for workarounds:
http://dylanreeve.posterous.com/remote-ussd-attack
You can test the exploit with an iframe "attack" as demo, which will just show you your IMEI:
http://dylanreeve.com/phone.php
WAP Push works, too. Tested it.
Bye
Use this app as workaround:
https://play.google.com/store/apps/details?id=com.voss.notelurl
Telstop also another that works well - https://play.google.com/store/apps/details?id=org.mulliner.telstop
My HTC One S with Viper ONE S ROM is vulnerable..
Just tested NoTelURL and TelStop and they work fine.
Thank you.
Just to let you guys know:
Droider has tried the Samsung Factory Reset code on an HTC One V, One S and One X - and it does nothing. As far as he knows, HTC don't embed a USSD Code for unattended Factory Reset (although of course he stands to be corrected).
So far all this can do is reasonably innocent and reversible things; if anyone knows any "Sinister" USSD codes for HTC, please let us all know.
Just tested on the latest (unnoficial) AOKP, not vunerable.
stonelaughter said:
Just to let you guys know:
Droider has tried the Samsung Factory Reset code on an HTC One V, One S and One X - and it does nothing. As far as he knows, HTC don't embed a USSD Code for unattended Factory Reset (although of course he stands to be corrected).
So far all this can do is reasonably innocent and reversible things; if anyone knows any "Sinister" USSD codes for HTC, please let us all know.
Click to expand...
Click to collapse
Check this out. http://forum.xda-developers.com/showthread.php?t=1683634
He can try some of these.
Viper 1.1.1 is affected too. But seriously, why don't you guys use security software (like avast!) as it blocks this kind of stuff?
Sent from my HTC One S using xda premium
TheForumTroll said:
Viper 1.1.1 is affected too. But seriously, why don't you guys use security software (like avast!) as it blocks this kind of stuff?
Sent from my HTC One S using xda premium
Click to expand...
Click to collapse
Viper Released 1.2.0 update for Htc One s which resolves the ussd issue. Nevertheless avast does a pretty good job!
Google fix problem with wifi-on battery drain (miscellaneous). https://code.google.com/p/android-developer-preview/issues/detail?id=189#c112
You do know that Miscellaneous is not specifically related to WiFi? It's just the difference between what The battery chip says has been used versus what android has guessed has been used?
google think
Google think (know) this hapened only if wifi on.....too many wake up samthing on wifi on......
satamateur said:
Google think (know) this hapened only if wifi on.....too many wake up samthing on wifi on......
Click to expand...
Click to collapse
Miscellaneous is specifically designed to highlight the difference I mentioned above. If you have Miscellaneous in your battery stats and click it to open, thats what it says. Whether Misc gets higher due to WiFi drain, sure maybe... but misc itself is nothing to do with wifi
ok
Ok my friend,i dont know abaut that,but people reported,and google.....misc. bttery drain only happened if wifi is on.....some people say radio from 4.4.2 not 4.4.4 is solution for better misc,but google not recomanded older radio for 5.0 (say not tested).....
I have good battery day life (all day + 3h screen on internet )(rom extrasmooth 1.2 with franko 66 kernel) all woking very good....
Dont kill the messenger...? and happy day to you
I have watched this rumour of 12 November release and delayed due to this bug blah blah blah unfold from the beginning.
+ArtemRussakovskii said in one comment on one personal post (not Android Police) that his source at Google had told him that the release had been delayed due to a bug (didn't specify what).
Then someone followed up his comment to say that a bug on the tracker had been noted as fixed.
Then someone put 2 and 2 together and made 17, and said that the bug must be what delayed the images being released.
Now the Android/Nexus 5 rumour mill has been reported and blogged that this issue was definitely what was delaying the release, and it definitely will be released next week!
Hilarious when you look at it from a distance, but irritating that people get sucked in to this web of he-said she-said rumour nonsense. All game from some throw away comment on a google+ post.
misc. connected with WiFi searching
http://www.slashgear.com/android-lollipop-release-delayed-battery-issues-persist-06354288/
Probably the same source
http://bgr.com/2014/11/06/android-5-0-lollipop-battery-life/
Posting the same copied rumour proves absolutely nothing. Android press has proven one thing over the years. None of them do their own research and just copy one another as truth
rootSU said:
Posting the same copied rumour proves absolutely nothing. Android press has proven one thing over the years. None of them do their own research and just copy one another as truth
Click to expand...
Click to collapse
I dont proves anything friend,only i hope (believe,but i believe in matrix ? ) is true,yes i know how press copy from....but i think source is official bug tracker....shame on google (xperia z line have "official" lollipop image,and very soon binaries),(not official like with sony bloatware,but made by sony)....ok no more post from android press...cheers....
So has samsung released a security update for it yet?
cantenna said:
So has samsung released a security update for it yet?
Click to expand...
Click to collapse
September patch for G8 allegedly fixes but at least one user says that a scanner still indicates unit is susceptible to Blueborne!
Garcol said:
September patch for G8 allegedly fixes but at least one user says that a scanner still indicates unit is susceptible to Blueborne!
Click to expand...
Click to collapse
Thanks forbthe news, pretty pathetic really with the timeliness turnaround, doesnt this defeat the purpose of knox security and safteynet entirely? shouldnt theses two sevices be regarded as non functional on units that are not patched? You would think so.
on linux atleast, vulnerability is two, the kernel (patching a buffer overflow) and bluZ (bluetooth software) Perhaps it is the same on andeoid and samsung just addressed one ofbthe two vulnerability invsept update.
well perhaps we can now get a new jailbreak using blueborne exploit for every non supported ios device now on the market and possibly a cydia patch to patch blueborne.
I had a chat with a Samsung Agent a little over a week ago. Attaching a screenshot that will hopefully be helpful.
In particular, there is an error in the Adreno 630’s rendering of a complex yet valid shader that can be exploited to make the device freeze then eventually reboot. A shader is simply a program that allows the GPU to render an image. GraphicsFuzz did not design the WebGL page with malicious intent to trigger this bug, and instead say it was incidentally discovered during their standard testing of GPU stability of devices. Once they discovered that this remote crash was reproducible, the company reached out to XDA-Developers to facilitate the disclosure process with both Qualcomm and Samsung.
https://www.xda-developers.com/the-...t-can-be-exploited-to-trigger-remote-reboots/
SM-G965U WebGL Crash
AndroidDevices said:
In particular, there is an error in the Adreno 630’s rendering of a complex yet valid shader that can be exploited to make the device freeze then eventually reboot. A shader is simply a program that allows the GPU to render an image. GraphicsFuzz did not design the WebGL page with malicious intent to trigger this bug, and instead say it was incidentally discovered during their standard testing of GPU stability of devices. Once they discovered that this remote crash was reproducible, the company reached out to XDA-Developers to facilitate the disclosure process with both Qualcomm and Samsung.
https://www.xda-developers.com/the-...t-can-be-exploited-to-trigger-remote-reboots/
SM-G965U WebGL Crash
Click to expand...
Click to collapse
Do you think this bug can be exploited to gain root?
Sent from my SM-G965U using Tapatalk
daddymikey1975 said:
Do you think this bug can be exploited to gain root?
Sent from my SM-G965U using Tapatalk
Click to expand...
Click to collapse
Because the exploit has to do with the GPU, i doubt it....
AndroidDevices said:
Because the exploit has to do with the GPU, i doubt it....
Click to expand...
Click to collapse
Reason I ask is because the article states that when the gpu pukes it causes a kernel panic, then forces a reboot..
I'm not a super intelligent guy when it comes to coding and such but from what I recall, most root mehlthids take advantage of a kernel panic (or at least that's my understanding).
Or maybe I'm completely wrong lol
Sent from my SM-G965U using Tapatalk
daddymikey1975 said:
Reason I ask is because the article states that when the gpu pukes it causes a kernel panic, then forces a reboot..
I'm not a super intelligent guy when it comes to coding and such but from what I recall, most root mehlthids take advantage of a kernel panic (or at least that's my understanding).
Or maybe I'm completely wrong lol
Sent from my SM-G965U using Tapatalk
Click to expand...
Click to collapse
Yea, i dont know much about exploits and such...
Ever since the stagefright exploits, Google broke everything into smaller pieces and have them running in a sandbox. So if you find an exploit in some area, it's most likely going to be self-contained, unless your exploit is major enough to break from the sandbox and affect other stuff.
this is not a big issue - the main cause of the issue lies in the GPU driver for the Adreno 630, part of the Snapdragon 845 chipset.
so once Samsung updates driver, it should be resolved - question is how fast Samsung fixes this?? - we all know sometimes it takes them months.
second, the bug causes freeze and reboots your device only affects Samsung Internet browser, other browsers just freezes for a few sec (no reboot) since other browsers have mechanisms in place to ends the GPU process after a set period, to prevent the device from crashing.
My SMG960U still has this issue
how can i go about fixing it. it also accur even when i'm not using any browsers