x PhoneArena is looking for new authors in New York! To view all available positions, click here.
  • Options
    Close




Researchers discover Android security flaw which renders more than a billion devices vulnerable

0. phoneArena 26 Mar 2014, 08:59 posted on

While a new update is being installed, a bug that researchers named "Pileup" could allow parasite malicious apps to be "smuggled" with the software, posing as replacements for safe update files that are already present on the file system and assigned permissions...

This is a discussion for a news. To read the whole news, click here

posted on 26 Mar 2014, 09:01

1. valapsp (Posts: 474; Member since: 12 Aug 2011)


watttttt?

posted on 26 Mar 2014, 09:18

11. itsdeepak4u2000 (Posts: 2625; Member since: 03 Nov 2012)


Yes, that too comes up with the updates given by the OEMs.

posted on 27 Mar 2014, 08:48

42. tasior (Posts: 214; Member since: 04 Nov 2012)


Every system is vulnerable during update. It's logical. Update means changing system. If the update is infected it infects the system. That's why it's crucial, to get update from reliable source.

The only difference between Android and Windows or IOS is that, Android allows You to be the judge, whether the source is reliable. Windows and IOS can be updated only by MS and Apple.

posted on 26 Mar 2014, 09:02

2. papss (unregistered)


Shocking...

posted on 26 Mar 2014, 10:29 2

31. Arte-8800 (Posts: 4402; Member since: 13 Mar 2014)


YES PAPSS your beloved platform is bulling and and insulting others while there w8 platform has more hackers and virus than android and OSX

posted on 27 Mar 2014, 06:56

41. sgodsell (Posts: 1228; Member since: 16 Mar 2013)


Naturally Microsoft has to find this security flaw. We can all rest easy now knowing that Microsoft is always looking out for our best interests. Yeah, right. The world knows how trust worthy Microsoft is when it comes Android.

posted on 26 Mar 2014, 09:06 6

3. chunky1x (Posts: 233; Member since: 28 Mar 2010)


Not really surprising to me. My Windows 7 have way way more security risk than Android, iOS and Windows 8 combined.

posted on 26 Mar 2014, 09:07 17

4. Troysyx (Posts: 139; Member since: 30 Jul 2012)


Anyone else find it odd that it came from researches at "Indiana University and MICROSOFT"??

posted on 26 Mar 2014, 09:16 2

8. itsdeepak4u2000 (Posts: 2625; Member since: 03 Nov 2012)


Yeah, I thought the same.

posted on 26 Mar 2014, 09:16 1

9. PapaSmurf (limited) (Posts: 8300; Member since: 14 May 2012)


Uh huh. That's sketchy.

posted on 26 Mar 2014, 09:32 8

17. Ashoaib (Posts: 2016; Member since: 15 Nov 2013)


You got a point... why microsoft is researching on androids vulnerabilities??? microft should focus on its own os...

posted on 26 Mar 2014, 11:58

35. blade19 (Posts: 59; Member since: 29 Apr 2011)


yup...

posted on 26 Mar 2014, 09:08 2

5. networkdood (Posts: 6267; Member since: 31 Mar 2010)


Oh no, perhaps I should get a Windows phone...hmmm, nm...how about an iphone? Yeah, ok, so every phone has a security risk...Phonearena just stop with these lame stories...

posted on 26 Mar 2014, 09:18 1

10. PapaSmurf (limited) (Posts: 8300; Member since: 14 May 2012)


Not worried at all. Lookout Premium will get the job done.

posted on 26 Mar 2014, 09:29 1

15. networkdood (Posts: 6267; Member since: 31 Mar 2010)


Tried it, never had a need for it and I have been using Android for 4 years now...

posted on 26 Mar 2014, 09:49 2

26. PapaSmurf (limited) (Posts: 8300; Member since: 14 May 2012)


It's pre-installed on my Note 3 and I got the Premium suite for free. It actually works as it prevented me from downloading several APKs and mp3s that were Trojans and malware. Can't complain. :)

posted on 26 Mar 2014, 09:51 1

27. networkdood (Posts: 6267; Member since: 31 Mar 2010)


hey, that is good, though - but, I never had those problems - but good to have that protection...

posted on 26 Mar 2014, 09:24

12. androiphone20 (Posts: 1441; Member since: 10 Jul 2013)


If you really thought that this report was looking to get you to buy a phone from another platform then you probably clicked on the wrong link. You take it to the most literal sense it's cray.

posted on 26 Mar 2014, 09:29 4

14. networkdood (Posts: 6267; Member since: 31 Mar 2010)


Actually, this is exactly what the report is doing - look at the sources of the report....Luyi Xing
, Xiaorui Pan
, Rui Wangy
, Kan Yuan
and XiaoFeng Wang

Indiana University Bloomington
Email: fluyixing, xiaopan, kanyuan, xw7g@indiana.edu
yMicrosoft Research
Email: ruiwan@microsoft.com

posted on 26 Mar 2014, 09:37 4

20. Ashoaib (Posts: 2016; Member since: 15 Nov 2013)


Please add ching ming chong from hongkong :))

posted on 26 Mar 2014, 09:39

22. networkdood (Posts: 6267; Member since: 31 Mar 2010)


not up to me - ask Indiana U and microsoft :-)

posted on 26 Mar 2014, 11:53 1

34. Ashoaib (Posts: 2016; Member since: 15 Nov 2013)


Probably Microsoft will add Bill Paid and Tallmer ;)

posted on 26 Mar 2014, 09:30 2

16. networkdood (Posts: 6267; Member since: 31 Mar 2010)


This is the source of the article -http://www.informatics.indiana.edu/xw7/papers/privilegescalationthroughandroidupdating.pdf

It is just another company creating a scare, and lo and behold Microsoft is involved...and that in itself is ironic....

posted on 26 Mar 2014, 09:09

6. androiphone20 (Posts: 1441; Member since: 10 Jul 2013)


Same as Dendroid?

posted on 26 Mar 2014, 09:38

21. Ashoaib (Posts: 2016; Member since: 15 Nov 2013)


No dandruff :p

posted on 26 Mar 2014, 09:11 1

7. androiphone20 (Posts: 1441; Member since: 10 Jul 2013)


This is the part where Eric takes back his words

posted on 26 Mar 2014, 09:28 2

13. protozeloz (Posts: 5375; Member since: 16 Sep 2010)


while in parer this sounds like a lot,it requires quite a few things to actually be pulled (like bypassing the package verification processes before the install) while this could be a security issue and should be addressed I don't see how the average user (read the one not flashing random roms) could be affected by it

posted on 26 Mar 2014, 09:33 4

18. Sniggly (Posts: 7015; Member since: 05 Dec 2009)


While it sucks that the vulnerability exists in the first place (though it sounds like Microsoft was really working on finding vulnerabilities that they can use in attack ads against Android) it sounds like Google is already working on solutions to the problem.

Someone once pointed out that while security has to think of every possible entry point in software, hackers only have to find one way in. I'd say for as popular Android is, it's impressive that vulnerabilities like these are found so rarely.

posted on 26 Mar 2014, 09:33 1

19. networkdood (Posts: 6267; Member since: 31 Mar 2010)


If you go here:http://secureandroidupdate.org./
it is explained in greater detail and you can see who is behind this info...

posted on 26 Mar 2014, 09:43 4

24. Sniggly (Posts: 7015; Member since: 05 Dec 2009)


Nice. They take an opportunity to plug their own "security" app.

Not saying the problem doesn't exist, but between that and Microsoft's involvement, I smell a rat.

posted on 26 Mar 2014, 09:47 2

25. networkdood (Posts: 6267; Member since: 31 Mar 2010)


oh yeah, typical corporate crappola

posted on 26 Mar 2014, 09:43 1

23. networkdood (Posts: 6267; Member since: 31 Mar 2010)


Just for kicks I installed it...OMG!!....found nothing...

Lol, and there is even a review of the app by one of the researchers....

posted on 26 Mar 2014, 09:53 1

28. boosook (Posts: 995; Member since: 19 Nov 2012)


Great job, Microsoft! You worked hard for many years, but you've finally found a vulnerability in Android! ;)

posted on 26 Mar 2014, 10:27 2

29. Arte-8800 (Posts: 4402; Member since: 13 Mar 2014)


and there windows platform is full of trojans and hackers

cant clear up there own platform and talking about android, pathetic jealous they are

ms and google never get along, even LINUX users hate MS

posted on 26 Mar 2014, 10:28 1

30. isprobi (Posts: 197; Member since: 30 May 2011)


If you only install only carrier updates or phone vendor updates and only install apps from from Gogle Play Store how likely is this scenario? I would guess not very likely. If you choose to go outside this safe zone then you take your chances.

posted on 26 Mar 2014, 10:46 2

32. Liveitup (Posts: 1226; Member since: 07 Jan 2014)


It isn't surprising that many are using the "attack the messenger, not the message" technique. Open operating system has their advantages and disadvantages, unfortunately this is one of those disadvantages. If I'm correct I think Android lead said recently that Android is not designed to be safe. Open and closed OS has their advantages and disadvantages. Wish some Android fans could see realize this instead of thinking open is better than closed cause one isn't better than the other just different.

posted on 26 Mar 2014, 22:41

39. networkdood (Posts: 6267; Member since: 31 Mar 2010)


I prefer an OS that lets me do what I want - if I want a great big wall with limitations I would go with an iphone or a windows 8.1 device...but, the whole point of Android is to allow the users, who know what they are doing, to do as they wish...

posted on 26 Mar 2014, 10:48

33. taz89 (Posts: 2014; Member since: 03 May 2011)


Lol as always if you stick within the legit wall whixh is 99% of people then your pretty much safe.

posted on 26 Mar 2014, 13:21 2

36. lyndon420 (Posts: 1737; Member since: 11 Jul 2012)


Not worried :-) Show me an operating system that doesn't have flaws, and I just might have some prime desert land to sell you ;-)

posted on 26 Mar 2014, 19:02 1

37. xche78x (Posts: 101; Member since: 11 Mar 2014)


someone is affected by the news that google android phones are going to crawl to the business sector side.... hmmn way sloppy doing this then deliberately having a @microsoft email

to my understanding all OS are vulnerable to hacks when they impersonate system files, i have seen this many times on windows XP and even win7. win8/8.1 has a good first line of defense so i haven't seen those system hacks here yet...

posted on 26 Mar 2014, 20:00 1

38. roscuthiii (Posts: 1801; Member since: 18 Jul 2010)


A security app developer wanting to peddle their own app... I get that. A company wanting to identify a competitor's product's flaws... I get that too.

What I don't get is a supposedly tech savvy mobile device site not seeing it for exactly what it is and reporting it as such. More and more... this site traverses the slippery slope from credible consumer information to click-supported blog.

posted on 26 Mar 2014, 22:42

40. networkdood (Posts: 6267; Member since: 31 Mar 2010)


it is all about the money they gain from us ad clicking, except I block this site's cookies and ads....

Want to comment? Please login or register.

Latest stories