Jump to content


Photo

900 million androids effected!?

- - - - -

  • Please log in to reply
14 replies to this topic

#1
Colossae3.23

Colossae3.23

    Addict

  • Members
  • PipPipPipPipPip
  • 606 posts
  • Gender:Male
  • Location:South Wales
  • Devices:Nokia Lumia 720
Since I've been living in WP8 land, I came across this, and thought it would be good for people to know.
If it ain't true, please accept my apologies.
If it is, here's hoping the devs on here can patch this on the all custom roms that on the forum.

http://www.neowin.ne...orking-on-a-fix

  • 0

#2
sharkyo01

sharkyo01

    Enthusiast

  • Members
  • PipPipPip
  • 286 posts
  • Gender:Male
  • Location:Walsall
  • Devices:Raised from the Dead G300 :P
Sounds scarey... Cannot see why it is not true.

But I would hope it would get more coverage if this is true. e.g. BBC, ITN etc

  • 0

#3
joandrade

joandrade

    Regular

  • Members
  • PipPip
  • 124 posts
  • Gender:Male
  • Location:Portugal
  • Devices:Huawei Ascend G300
  • Twitter:@0xJoao
This will only affect you if you side load apks to replace system apps. Calm down

  • 0
If I helped you, hit the green rep button. :)

#4
sharkyo01

sharkyo01

    Enthusiast

  • Members
  • PipPipPip
  • 286 posts
  • Gender:Male
  • Location:Walsall
  • Devices:Raised from the Dead G300 :P

This will only affect you if you side load apks to replace system apps. Calm down


I can not see over 900 million android users slide loading apk's. So I blow that out of the water completely.

Thinking about this I remember hearing a radio show talking about android apps that are on the play store that hackers are loading code into signature apps to call premium rate numbers. Wonder if this is anything to do with that...

Edited by sharkyo01, 04 July 2013 - 06:22 PM.

  • 0

#5
joandrade

joandrade

    Regular

  • Members
  • PipPip
  • 124 posts
  • Gender:Male
  • Location:Portugal
  • Devices:Huawei Ascend G300
  • Twitter:@0xJoao

I can not see over 900 million android users slide loading apk's. So I blow that out of the water completely.

Thinking about this I remember hearing a radio show talking about android apps that are on the play store that hackers are loading code into signature apps to call premium rate numbers. Wonder if this is anything to do with that...


Yes, this is getting really blown out of proportion. I suggest you read this comment on the link gizmodo posted on facebook:

"This security exploit is not new and in fact has been used in a different way by ROM makers to mod system apps without breaking the signature that allows these apps to run with system level permissions.

An APK (container for apps) is essentially just a signed zip file (rename an apk to zip and see for yourself). Devs use tools to decompile and recompile the code located in the classes.dex file inside the apk. (I've done this a few times myself as well.)

In other words, Android developers who mod apps have known about this for a long time. This is just FUD. You still have the issue of having to enable side loading and then install the new malicious system APK over it - the Android installer even says "This will replace a system app".

This is only taking advantage of dumb users. No different than Trojans on Mac OS X, which oddly enough many downplayed the significance of for the very same reason."

(https://www.facebook...151693994398967)

  • 0
If I helped you, hit the green rep button. :)

#6
Colossae3.23

Colossae3.23

    Addict

  • Members
  • PipPipPipPipPip
  • 606 posts
  • Gender:Male
  • Location:South Wales
  • Devices:Nokia Lumia 720
Sorry for the fuss, lads. To be honest, it is coming from a windows focused website, and they could be leaving things out; either due to ignorance or just to say something bad about the competition ...

  • 0

#7
joandrade

joandrade

    Regular

  • Members
  • PipPip
  • 124 posts
  • Gender:Male
  • Location:Portugal
  • Devices:Huawei Ascend G300
  • Twitter:@0xJoao
It's alright, I'm just trying to share the information so people can understand what's really going on

  • 0
If I helped you, hit the green rep button. :)

#8
george109

george109

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,106 posts
  • Gender:Male
  • Location:Kent, England
  • Interests:Cycling, Tech and Canoeing
  • Devices:Samsung Galaxy S4 - GT-I9505

I can not see over 900 million android users slide loading apk's. So I blow that out of the water completely.

Thinking about this I remember hearing a radio show talking about android apps that are on the play store that hackers are loading code into signature apps to call premium rate numbers. Wonder if this is anything to do with that...

This is a very common thing! Please check your permissions, if a game wants to call phone numbers, or send messages then alarm bells should be ringing as it does not need to as to bill it can use the google play billing service!

  • 0

Hello. I have an S4 now, and I hardly ever use MoDaCo now. 

Therefore you will receive no replies to any PMs

Please post in the forum instead. You will get more help there :)

:excl:A WARNING TO ALL G300 OWNERS! Please Read! (The Flash Memory Problem!) :excl:

Tutorial: How To (Officially) Unlock Your Bootloader! (The long way, but which definitely works)

Please, Do not use the HuaweiG300.com Tutorial on how to unlock your bootloader, it is better to unlock it officially with my tutorial!

Spoiler

My Device:

Huawei Ascend G300 (U8815) - Sold!

Samsung Galaxy S4 (Black) - The LTE Version - GT-I9505

(Ignore the links above (if there is one). It's a skimwords (advertising) link and nothing to do with me!)

The ROMS I have used:

Spoiler

Download Blink, a great app that controls the status LED on the G300!

Wait for 5 seconds and then click skip ad! Do not download anything in the ad window, that is not the app!

Did I help you?

If I did, Please press the rep_up1.png button, in the bottom right hand corner of my posts.

(If not, Press it anyway!)

If I really helped you, you could also donate to me. Thanks!  :) 


#9
mnirun

mnirun

    Regular

  • Members
  • PipPip
  • 55 posts
  • Devices:Huawei Ascend G300
Here is an universal patch solution using Xposed framework, tested with my G300.

[FIX][XPOSED][4.0+] Universal patch for "Master Key" + "Bug 9695860" vulnerabilities

Before patch.

Posted Image

After patched:

Posted Image

  • 0

#10
denzele

denzele

    Diehard

  • Members
  • PipPipPipPip
  • 306 posts
  • Gender:Male
  • Location:Down Under
  • Devices:Huawei Ascend G300- Ascend P1
Well Google made a fix/patch for this back in February apparently when no one didn't even know about this..but just for Google phone/tablet..Cyanogen team's working on patch soon for new update..for all others roms search "Rekey" app in Playstore and patch this bug so stay safe and do it fast..must have a root of course..

Read here..http://www.androidpo...their-carriers/

Edited by denzele, 17 July 2013 - 02:42 AM.

  • 0

#11
sharkyo01

sharkyo01

    Enthusiast

  • Members
  • PipPipPip
  • 286 posts
  • Gender:Male
  • Location:Walsall
  • Devices:Raised from the Dead G300 :P
And vodafone are still sitting on there Larry's... Good work!

  • 0

#12
denzele

denzele

    Diehard

  • Members
  • PipPipPipPip
  • 306 posts
  • Gender:Male
  • Location:Down Under
  • Devices:Huawei Ascend G300- Ascend P1
For all others out there with no root on their phone it's really up to their Carrier to deliver patch itself which of course it will take ages with some.
About this app "Rekey" it"s trusted app developer team so should work fine.

  • 0

#13
sharkyo01

sharkyo01

    Enthusiast

  • Members
  • PipPipPip
  • 286 posts
  • Gender:Male
  • Location:Walsall
  • Devices:Raised from the Dead G300 :P

For all others out there with no root on their phone it's really up to their Carrier to deliver patch itself which of course it will take ages with some.
About this app "Rekey" it"s trusted app developer team so should work fine.


Do "rekey" and the "universal patch for master key" do the same thing. I have both running on my phone just trying to work out what one I really need or can i get away with just using one?

  • 0

#14
denzele

denzele

    Diehard

  • Members
  • PipPipPipPip
  • 306 posts
  • Gender:Male
  • Location:Down Under
  • Devices:Huawei Ascend G300- Ascend P1
I guess they do. I'm only running Rekey . Really up to you which one you want to use or trust .

  • 1

#15
sharkyo01

sharkyo01

    Enthusiast

  • Members
  • PipPipPip
  • 286 posts
  • Gender:Male
  • Location:Walsall
  • Devices:Raised from the Dead G300 :P
Thanks for the reply I am going to stick with Rekey as it is a far better app imo.

  • 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users