I hope it more than just stagefright in there and some extra mods!
Stupid security patch didn't even fix all of stagefright screw verizon
Which this update stuff were true for us :/
Related
Stagefright is very serious issue on android devices not known to many android users.
Currently I am using CM12 Nightlies on my N5.
I read about Stagefright sometime back and found that my phone has been sending and receiving thousands of SMS and MMS. So i blocked all access to CM12 Messaging app using Privacy Guard. Privacy Guard is one reason why i love CM12, loved slimrom too...
Attached are screenshots of my Messaging app and a report by Stagefright Detector.
1. How android phones are really hacked by simple SMS/MMS
2. More about Stagefright
3. XDA on Stagefright
Did google really fix this and did CM do anything about this??? I believe majority of the testing is done on N5 and other nexus devices.
this is frightening!!!
How many of you have been exposed to this???
Lordificated said:
Did google really fix this and did CM do anything about this??? I believe majority of the testing is done on N5 and other nexus devices.
Click to expand...
Click to collapse
Yes, it did. With official release of Marshmallow (build MRA58K), all CVE's, that Stagefright Detector is checking, are fixed, and device is not vulnerable. Your issue is on CM side, not Google's.
First of all, blocking MMS access on Messaging will only prevent a small portion of the exploit. Stagefright is a large library, it basically plays *every* media file (based on my knowledge). This includes stuff that browser plays (for example : webm video, like YouTube) all of these are handled by Stagefright and FFmpeg library.
But, the good thing is, the library is not exploited widely. This means there's no wide range attack (based on reports online). No need to worry, the issue is internally fixed on Google side, if you can update to latest CM nightly release the issue might be fixed.
Srandista said:
Yes, it did. With official release of Marshmallow (build MRA58K), all CVE's, that Stagefright Detector is checking, are fixed, and device is not vulnerable. Your issue is on CM side, not Google's.
Click to expand...
Click to collapse
I guess they did, on Android M...
as you said, Stagefright detector says there are no vulnerable CVEs on my N5...
Moved from CM to Stock 6.0... But I am not sure if I love the App Permissions settings of 6.0 over the Privacy Guard in CM12...
still :good:
F4uzan said:
First of all, blocking MMS access on Messaging will only prevent a small portion of the exploit. Stagefright is a large library, it basically plays *every* media file (based on my knowledge). This includes stuff that browser plays (for example : webm video, like YouTube) all of these are handled by Stagefright and FFmpeg library.
But, the good thing is, the library is not exploited widely. This means there's no wide range attack (based on reports online). No need to worry, the issue is internally fixed on Google side, if you can update to latest CM nightly release the issue might be fixed.
Click to expand...
Click to collapse
yes, i read the same about Stagefright... being a large library used for almost all media access, most of the apps we use triggers Stagefright... but as you said, now that nobody knows the extend of vulnerabilities of Stagefright, we can only prepare for what we know!
A few days ago, I started getting random apparently blank MMS messages from unknown urls in Hangouts. Looks like my phone / number is being targeted by someone trying to leverage one of the recent Stagefright vulnerabilities. I've got auto-downloading of MMS messages disabled in Hangouts and the stock Sony Messaging client, so probably (?) no immediate danger. But I am only on the last Kit Kat rom because I've been bitten before by abysmally bad battery life in Lollipop.
So options...
5..1.1 - sounds like battery life is better now than it was originally in LP. Can anyone verify that all the Stagefright vulnerabilities are even fixed in the latest for the Z3c? I have a Z1C test phone around the office here, and last I checked its latest 5.1.1 rom did not resolve all of those issues.
6.0 Concept - looks promising....but early MM wasn't immune to Stagefright problems either. Can anyone check if whatever anyone not part of the early program can install is free of this vulnerability?
Unfortunately, I need to run a secure app platform / email app for work, which means that I can't root or run xposed - stock roms only.
johdaxx said:
A few days ago, I started getting random apparently blank MMS messages from unknown urls in Hangouts. Looks like my phone / number is being targeted by someone trying to leverage one of the recent Stagefright vulnerabilities. I've got auto-downloading of MMS messages disabled in Hangouts and the stock Sony Messaging client, so probably (?) no immediate danger. But I am only on the last Kit Kat rom because I've been bitten before by abysmally bad battery life in Lollipop.
So options...
5..1.1 - sounds like battery life is better now than it was originally in LP. Can anyone verify that all the Stagefright vulnerabilities are even fixed in the latest for the Z3c? I have a Z1C test phone around the office here, and last I checked its latest 5.1.1 rom did not resolve all of those issues.
6.0 Concept - looks promising....but early MM wasn't immune to Stagefright problems either. Can anyone check if whatever anyone not part of the early program can install is free of this vulnerability?
Unfortunately, I need to run a secure app platform / email app for work, which means that I can't root or run xposed - stock roms only.
Click to expand...
Click to collapse
The whole stagefright vulnerability affects a huge percentage of devices running LP, while Android has claimed to have "fixed" most of the vulnerabilities some still remain in 5.1 but they are really not that impactful when it comes to using the phone.
With regards to security, you are never really "safe". The very fact you download apps like Facebook or Youtube already makes your internet life an open book, probably right now your phone sends anonymous data to Sony at set intervals.
True enough - no phone anyone really wants to hack into is 100% secure, and the more popular, the more they're going to be targeted. Specifically, I was wondering if anyone had run this tool:
https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
on either 5.1.1 or 6.0 Concept? I have access to a few different phones that pass all these checks, but several that don't. The standard 4.4.4 on the Z3c fails all but one. A small comfort - but figured it was worth checking.
As for PI leakage, true, but different issue. I'm personally much happier with Google's methods where we have a dashboard that shows what information they're slurping up by the second, than others (like many manufacturers) that bury it in a massive T&C. We at least have some control over that vs. exposure to these security holes.
Hi guys, my first post here, first thanks for your attention!
As you know the watch recently receives upgrade notification and will be upgraded to Marshmallow (api level 23) if you accept the notification.
The thing is, I got some code running on several watches which require api level 22 and would not work under api level 23, so I decided to flash all the watches back to Lollipop.
Here comes the problem, how do I block any further notification which ask user to do system upgrade? I need to make sure 100% that the system environment does not change.
Any help is highly appreciated !
Btw the devices have been rooted, and there are bunch of ways to block OTA update on the phone if you search, but seems no one has posted any information about blocking OTA on watch.
guys i am able to record calls 2 way wonderfully. u can try it for yourself.
i have nokia 6.1(2018) with latest update of security patch
thanks.
https://forum.xda-developers.com/showpost.php?p=79374018&postcount=149
Since the latest update (at least on AT&T) it appears the Nest notifications are not respecting the Night Mode setting, and are showing up white (see screenshot) making them unreadable. Is anyone else seeing this as well and possibly have a workaround?
I don't think the app gets to determine colors of notifications. That should be the scope of the OS and not the app. That's a weird bug.
Just a quick update on this. AT&T's August update out today (CSGB) appears to fix the issue of the unreadable text!
Crap. Looks like I was wrong. The issue is not fixed...
I'm using a Note 8 (SM-N950U) with T-Mobile and have the same issue. Started after a August security update and didn't change after a September security update. It's not just Nest notifications that are not rendering correctly. Weather Channel app does the same thing. I'm using Good Lock and QuickStar but have uninstalled, cleared cache and still nothing changed. Hoping someone with Samsung theme knowledge may know what the conflict is and what solution (if any) we can look forward to seeing.