Remember a few weeks ago when we got the Android OS Update for a Security Fix but no details were provided? Well… I think now we know what that was all about. At the Black Hat Security Conference in Las Vegas, Charlie Miller and Collin Mulliner spoke about vulnerabilities in mobile platforms like Android, iPhone, and Windows Mobile.
The two researchers created a layer, called the injector, just above the bottom of the telephony stack that performs a man-in-the-middle attack by intercepting communication between a mobile device’s modem and multiplexer.
The pair state that they found multiple SMS vulnerabilities on Android and iPhone systems and are still working on Windows Mobile systems.
Uhohs! The problem is pretty severe, too. Check out how it effects the iPhone:
“This bug can be utilized for a serious denial-of-service attack since the victim can be effectively barred from making and receiving phone calls,” the researchers claim.
And the problem in Android is more permanent:
“The bug is similar to the second iPhone bug in the way that it kills the telephony process (com.android.phone) and thus kicks the Android device from the mobile phone network,” the pair state in their paper. “On Android the bug is a little more interesting since it will permanently kick the target device off the network if the SIM card residing in the phone has a PIN set.”
Apparently the iPhone problem still exists, leading some journalists to suggest you turn off your iPhone if you get weird text messages. Google on the other hand has already patched the problem for Android. And it couldn’t have been patched if they didn’t push the update to mobile phones, so we’re guessing that is EXACTLY what happened when making the update seen below:
Props to Google and the Android team for staying on top of things. And if you’ve got an iPhone… *golf clap*
haha (laughing at an iphone)
another win for android
http://www.youtube.com/watch?v=G5F0Ruzwos8 – PhoneDog Noah Dogfight pt1 Htc Hero vs Iphone 3GS =]
Hero i believe prevails!
This still affects users in other countries which do not have either the Android 1.5 update or the extra security update. Australia should be getting theirs in the next week. According to the carrier who has been unreliable at best with anything Android related.
LOL! Nice with the golf clap.
I am an iPhone owner, completely regretting my decision. I want Android now. I should have listened to my instinct, knowing that Google will always win in the end. Open platform, open source, etc. /sigh
Like 18 months to go…
i guess apple’s patch is waiting at the end of the line of all of those apps to be approved.
Hm. So that’s what that update was…I’m glad they fixed but the thing that scares me was the fact I would get tons of the text messages on my phone, I thought it was some odd spam so I got an app to block it from sending me them.
@ kyanro- yes, at the bottom of a stack of apps featuring: lighters that don’t light, beer you can’t drink, and farts that give no relief!
The Iphone is officially becoming obselete. I’m glad I gotta G1, cause at first I was thinking of getting a Iphone. Go G1!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
@Dillon thanks, thats exactly what i was thinking haha.
Yeah, Apple released iPhone 3.0.1 OS which patches this “flaw”. Perhaps y’all should do your homework before talkin’ sh*t. As for the iPhone being obsolete……keep dreamin’ folks.
I dont feel that much better since you are really just guessing at this.
heh… nice “Men At Work” reference. I use that all the time and no one knows what I’m talking about.
Hahaha all you guys talkin crap bout thee iphone
But we still the #1 company all you “android people”
Are using imitations of the worlds first ipod phone with multi touch tech… haha apple all the way everybody else are just biters
Hahahahahahahahahhaahaha
“everybody else are just biters”
lol.
This was patched immediately after Black Hat. You ‘roidies can get off your high horses now :)
Notice that it was patched AFTER Black Hat. Apple doesn’t normally move on patching exploits until they’ve been widely announced because of their “security by obscurity” policy. This was seen with the pwn to own exploit from last year as well. The same exploit was used this year to crack the browser even though Apple had been told about the flaw last year. I don’t have a problem with people who use Apple products, but as a company, they have a terrible attitude toward security.