>Millions of Android devices vulnerable to new Stagefright exploit
http://www.wired.co.uk/news/archive/2016-03/16/stagefright-android-real-world-hack
The exploitation, called Metaphor, is detailed in a research paper (PDF) from NorthBit and also a video showing the exploit being run on a Nexus 5. NorthBit said it had also successfully tested the exploit on a LG G3, HTC One and Samsung Galaxy S5.
https://youtu.be/I507kD0zG6k
>Co-founder Gil Dabah told WIRED the exploit could be altered by those wanting to cause more damage. Approximately 36 percent of the 1.4 billion active Android phones and tablets run Android 5 or 5.1, with Dabah warning that devices lacking the latest updates would be vulnerable.
pretty cool that they beat the ASLR
Custom ROMs or Nexus phones are the only way to go. Having a vendor ROM means being perpetually out of date.
>>53535845
MIUI and CM does not care
>the exploit requires users to open a video file from a stranger
android is finished and bankrupt!!
Fuck, I thought this was a different vulnerability than the one already discovered. This is old news.
>>53536615
getting actual remote code execution past the ASLR is new
>>53535845
Am i safe with CM 12S installed?
>>53536593
you'd be surprised how many people will open it...
>need to open a video file
I recall reading this months earlier when stagefright was discovered. it's not new. this is just their proof of concept being tested in the real world.
regardless my MM ROM does not give a shit.
>>53538087
to expand on this, the attack vector was often described as google hangouts defaulting to auto retrieve MMS. simply turning that feature basically made you immune because no one is going to open suspicious video file from russian email address.
>>53538106
So 4.4.2 is safe?
>>53538463
>So 4.4.2 is safe?
if you disable that feature in hangouts and don't open suspicious video files.
or just use a custom ROM.
>>53538106
>>53538087
>>53536542
You know what the problem with those analogy is?
a) I cant root my phone, its not possible and on my other phone is possible but simply not rewarding yet as custom OS
b) If you are a "normie" you most likely dont care about that shit and get BTFO'd
c) Disabling something to prevent an EXPLOIT(!) is not an option imo, because the hole is still in the wall, you just put some tape over it and hope it doesnt get wider.
All in all, I use android, but im really considering going for an iFuck for my next phone, also google pushing all those shill apps out to me isnt a thing I really like
>inb4 just root your phone
>>53538657
What phone do you have?
>>53538990
Xperia Z1 Compact as in the phone that doesnt have really rewarding ROM's (last time I tried when the phone was indeed rooted they were shit, that was like 1 1/2 years ago and now the bootloader is locked again because I reverted to stock)
The other Phone is a Galaxy S7 which I got for free and will be selling on because I just hate it in general. I just dont like it. I had an old iPhone 4S which I had for years until it didnt get updated to iOS 8 and I got on an Android then.
I mean I dont like Apple in general and I dont like them as desktop pc's or tablets, dont get me wrong there, because I can actually work on PC's but with my phone it needs to be "jus twerks" because its an organizer and helping tool in real life. And that is why I will probably go back on an iOS device.
>>53539103
What do you hate about the s7? I am in love with mine
Is it touchjizz?
>>53539211
Generally I dont like samsung.
>>53539347
You are really bad at elaborating
>>53539430
I dont like the general touchjizz shit, I dont like Android atm and also the non-rooting atm. I mean everything can happen but still...
>>53535845
>stagefright again
And that's why I ditched my smartphone and went with a netbook, I like actually having security updates along with a full browser that can use regular addons for protection.
FUCKING JEW MANUFACTURERS LICKING ME FROM DOING MY OWN UPDATES
fuck you SAMSHIT
>>53540537
LOCKING* fuck
>>53538053
Check your security patch level, I think this was fixed in the Jan 1 patch
>>53538078
exactly just pretend to be a hot grill and show them your burgers
>tfw
>>53540537
>buying samsung
>>53535845
>NorthBit said it had also successfully tested the exploit on a LG G3, HTC One and Samsung Galaxy S5.
Wow, a bunch of devices that haven't seen upgrades in a year.
and Apple wins again..
>>53544607
They'll fix their rootpipe exploit one day.
>>53540537
>can't install a custom rom on a Samsung phone
u wot?
But are still being used widely, so stfu
G900v galaxy s5
5.0, am I safe or how can I be safe?
I dont think I can root or use a custom rom
>>53545900
pls respond
>>53536593
Opening a video file is something that is generally considered safe to most people, even those who are usually security conscious. People don't expect media to cause problems.
really, this wouldn't be an issue except for the fact that people end up running old as shit Android versions because their devices don't get updates
>>53535845
>TFW security patch 1st march
>>53535845
>Android 5 or 5.1
cm13 herrenrasse
>>53538657
Not my fault you bought a shit phone that can't be rooted.
Not my fault you didn't root your phone when you could and just wait for a custom ROM instead of locking it forever.
Not my fault you're an idiot.
You deserve to get fucked my stage fright.
>>53545900
I have a G900i rooted with CM13 installed. https://autoroot.chainfire.eu/
>>53535941
>Nexus
I have a Nexus 4, which won't go further than 5.1.1, latest update was in September :( N10 is still receiving 5.1.1 updates, fucking greedy google. I think I'll switch to CyanogenMOD though I'm affraind of ending up with a bricck
>>53552197
Once you get a good recovery like CWM or TWRP running, you dont have to worry about a brick so much. Just remember to backup your stock ROM.
>>53552212
Well, I have stock image from Google and I can always install it with fastboot tool. I saw CyanogenMOD provides a recovery .img file in the newer version. Si I'll try that.
Heh, I just checked, there's a stable version 13 for it (: I'll try this weekend
>>53552279
just create your own recovery img
>>53535845
So I'll have to upgrade my Moto G 1st gen to latest CM13 nightly? Damn, I'm really enjoying 5.1.1
Good to know.
That's what you get for not using a Nexus (or one of the few other phones that get regular security updates)
>>53553236
It detects the latest vulnerability ?
>>53549311
>not seeing the general objective, that most people wont root and install a customrom by pajeet
>rather shitpost
10/10 you made me reply.
>>53553486
I think CM has installer for some of the popular devices that is really simple but I get what you're saying. Expecting that average user will know how to root or install custom ROM is hilarious.
>>53553446
>Security researchers have successfully exploited the Android-based Stagefright bug
The vulnerabiltiy relies on Stagefright itself
>>53552197
> Oh no, my Commodore 64 won't run Windows 10! What money grabbing bastards.
>>53553548
Just did a check on my CM Lolipop and it passed. I guess I'm safe
>>53553575
More like
>oh no my desktop from 2012 won't run Windows 10
>>53540537
It's your carrier locking the bootloader, not Samshit.
>>53553539
Yeah but replying to me the guy thought that everyone can root everything. Yes CM Installer, Towelroot and the alikes make it easy but for some things it doesnt work. And like I already said, my phone must be "jus twerk", since its a life companion for me and Im not keen on rooting, reinstalling, fucking up etc, but it seems like saying that on /g/ is most likely that you get sperglord answers.
>>53535845
why do you even want it
as it stands that's still pretty good support for them to putit on phones that old lord knows android can only dream of such retention.
>>53553236
Latest update for "Stagefright Detector":
November 20, 2015
Latest released Stagefright-vuln:
March 2016
Moron.
