Peruna

Forum Replies Created

  • #30771
    Peruna
    Participant
    • Posts: 4

    I meant no offence whatsoever. I also understand that your ROM is your hobby project and you have limited time to work with it. I was mostly in understanding that you think there is no risk with that security issue.

    Firefox is a good idea. Thanks for that.

    But anyway in Windows I get security patches from Microsoft when they release them. Google has made its Android in a way that Google can’t control when security patches end up in devices (if ever), which makes most Android devices vulnerable instantly when the manufacturer stops supporting them.
    Also with Windows I have more control over what to run in them and when.

    #30756
    Peruna
    Participant
    • Posts: 4

    Sorry to be repetitive, but after I read quite a few articles about Stagefright I got that the actual exploit can be used by just making a user go to a website that contains a hacked mp4 file. Particularly this new way called Metaphor is a proof-of-concept of how to use it: https://www.exploit-db.com/docs/39527.pdf

    That white paper is linked in http://www.theregister.co.uk/2016/03/17/stagefright_aslr_bypass/

    The only thing needed is to make the user go to a web site.

    Is it much work to update to a newer version with these fixes? To me this is a major vulnerability, making me use Windows on my tablet even though your Android ROM is much nicer to use.

    The Hacker News says here: http://thehackernews.com/2015/10/android-stagefright-vulnerability.html

    The Stagefright Bug 2.0 vulnerability can be triggered (attack vectors) by:
    • Webpage
    • Man-in-the-middle attack
    • Third-party media player
    • Instant messaging apps

    #30419
    Peruna
    Participant
    • Posts: 4

    I really like your ROM, but how is its state of security? Stagefright hack ( http://www.wired.co.uk/news/archive/2016-03/16/stagefright-android-real-world-hack and https://www.kb.cert.org/vuls/id/924951 ) seems to be working according to Stagefright Detector (which is developed by Zimperium, who found this issue). I think these are fixed in 5.1.1_r9

    I check that and … it works only on device those are able to receive MMS messages … in that case not concerns our tablet.

    Unfortunately MMS is not the only way to use the exploit. The Wired article had this video that shows an attack by website. And from what I read it seems that any way to show mp4 videos is a potential risk. MMS was the first way found to use this.

    EDIT: Or does it still require the system to have an MMS system?

    #30149
    Peruna
    Participant
    • Posts: 4

    I really like your ROM, but how is its state of security?

    Stagefright hack ( http://www.wired.co.uk/news/archive/2016-03/16/stagefright-android-real-world-hack and https://www.kb.cert.org/vuls/id/924951 ) seems to be working according to Stagefright Detector (which is developed by Zimperium, who found this issue).

    I think these are fixed in 5.1.1_r9
