Millions of Android devices can be hacked through JPEG image

vbimport

#1

We’ve just posted the following news: Millions of Android devices can be hacked through JPEG image[newsimage]http://www.myce.com/wp-content/images_posts/2014/10/Android_Robot_200-95x75.png[/newsimage]

Millions of Android devices are vulnerable to an attack that required nothing more than the user viewing a malicious .JPEG image, no further user interaction is required. The culprit is a software library in Google’s mobile operating system that read outs out EXIF data from JPEG files.

            Read the full article here: [http://www.myce.com/news/millions-android-devices-can-hacked-jpeg-image-80394/](http://www.myce.com/news/millions-android-devices-can-hacked-jpeg-image-80394/)

            Please note that the reactions from the complete site will be synched below.

#2

Hmm, whatever can will be abused to the maximum extent possible. Sadly that is the truth.

As a sidenote: It is no comfort in telling you that social media is much more dangerous either, but it is… Every arena online has to be considered shark infested waters, trouble is all you youngsters out there has become so accustomed to living your life online and so when I say my phone never enters the net, you probably shake your head thinking I’m a retard and maybe so… but a safe retard then

We have only seen the tip of the iceberg and it will go from worst to even worse since most equipment and software is developed from a feature starting point while it really has to start, continue and finish with security.

That is the challenge we’re up against and one that it seems will have to be learned the hard way, sadly. Hopefully I will come online even with my phone sometime in the future, but so far only a computer gives me enough control :rolleyes:


#3

[QUOTE=Xercus;2780566]That is the challenge we’re up against and one that it seems will have to be learned the hard way, sadly. Hopefully I will come online even with my phone sometime in the future, but so far only a computer gives me enough control :rolleyes:[/QUOTE]

Going back further in time (ie. to the 1990s), I didn’t answer the phone unless I recognized the number of an incoming call via callerID. I usually just left the answering machine to take most of the calls. Most of the time, only important stuff like the doctor, dentist, lawyer, parents, etc … left messages on my answering machine. (An additional layer was to have an unlisted phone number).


#4

[QUOTE=jcroy;2780568]Going back further in time (ie. to the 1990s), I didn’t answer the phone unless I recognized the number of an incoming call via callerID. I usually just left the answering machine to take most of the calls. Most of the time, only important stuff like the doctor, dentist, lawyer, parents, etc … left messages on my answering machine. (An additional layer was to have an unlisted phone number).[/QUOTE]
You assume people could afford to pay for the extra caller ID back them. That was not a cheap option to have. The Answering machine is your best Guard then you catch the real calls and fake one will hang up when they get the Answering machine and the same is true with VoiceMail.


#5

In THIS day and age, exploits are a dime a dozen. Though it is incumbent upon google to scan emails for the exploit code before sending the messages-- that would put an end to this kind of exploit quick. The other problem is android as an OS seems to keep getting orphaned on many prepaid phones. This is big fodder for exploits. Google and handset makers need to be able to keep updating parts of the OS without updating the WHOLE and THAT INCLUDES orphaned prepaid phones too!


#7

Yet another poignant reminder that phones should not be surgically attached to your hand and that their true purpose is for “Verbal” communication. Have never enabled data on any of my phones and the only app installed (aside from the preloaded, undeleteable crap) is “Call Blocker”.


#8

It’s not just prepaid phones that are left in the cold. I have a Motorolla phone from Verizon that’s still running 4.1.2. Basically, unless you bought your phone last week, or unless it’s a really, really, really popular model (for example, a Samsung Galaxy), you’re screwed. You’re totally at the mercy of your phone’s manufacturer, and if that manufacturer refuses to support the phone, there’s not much you can do. Of course, that’s assuming your unable/unwilling to install a third-party Android distro.

This is why my sister loves Apple phones. Pretty much any recent iPhone model will be able to run the latest IOS. Of course, unless I’m mistaken, you have to crack each an every version in order to install apps that aren’t distributed through Apple’s store. I also don’t know of any way of syncing music to/from a computer without Apple’s proprietary iTunes client. At least with Android devices, you don’t have to crack the OS to sideload.