Highlighted

Will Verizon release a patch for the recently announced vulnerability of Android phones to hacking via text?

Member

Will Verizon release a patch for the recently announced vulnerability of Android phones to hacking via text?

http://www.npr.org/sections/alltechconsidered/2015/07/27/426613020/major-flaw-in-android-phones-woul...

Labels (1)
1 Solution

Correct Answers
Highlighted

Re: Will Verizon release a patch for the recently announced vulnerability of Android phones to hacking via text?

Sr. Leader

That's only for the open source section none of the proprietary stuff. Like Sense, Touchwiz, etc. The RIL/HAL/Kernel are open source, but the code has to be accepted to ensure it doesn't break what manufacturers add.

Manufacturers have a fix, and Google has a fix. Google hasn't even patched their own Nexus devices other than the Play Nexus 6.

If you want to protect yourself for now until the fix comes. Turn off Auto-retrieve for MMS. Your phone can't process what isn't downloaded.

View solution in original post

Highlighted

Re: Will Verizon release a patch for the recently announced vulnerability of Android phones to hacking via text?

Member

Bump. And add this question: What is Verizon's official response to the exploit called 'stagefright'? Is there a work around like many people are reporting (stop using Hangouts, turn off auto-retrieve of mms)?

There is a lot of FUD out there on many Internet forums caused by the announcement of an exploit that has been acknowledged by the vendor (Google) with no mention of a work around. Only that the patches have been created by the vendor.

-derry

Highlighted

Re: Will Verizon release a patch for the recently announced vulnerability of Android phones to hacking via text?

Member

+1

Highlighted

Re: Will Verizon release a patch for the recently announced vulnerability of Android phones to hacking via text?

Member

I habitually disable auto-retrieval of MMS, however I am very much considering not renewing with Verizon due to concerns over the speed of security updates. Considering today's technology, the concept of just upgrading devices over a few months old isn't going to combat the development of these security breaches. I would like to know if there is any official acknowledgement by Verizon and plans for how to roll out security updates for this issue and others, and there will be others without a doubt.

Further review of the issues; Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch (link)

Highlighted

Re: Will Verizon release a patch for the recently announced vulnerability of Android phones to hacking via text?

Member

Verizon what is your plan to fix this bug?  This will not just go away if you ignore it.  "Your security is important to us" is your tag line when we sign-in.  This is day one and counting, when will you have a fix?

Highlighted

Re: Will Verizon release a patch for the recently announced vulnerability of Android phones to hacking via text?

Sr. Leader

Google already made the fix and gave them to vendors,  They now have to implement the fix and such.  Unlike popular belief carriers don't touch code like the media spits out.

HTC already on record their next update will have it.  No other vendor made a comment on it.  T-Mobile officially stated it's up to the vendors to fix the exploit with their devices. 

Highlighted

Re: Will Verizon release a patch for the recently announced vulnerability of Android phones to hacking via text?

Sr. Leader

from the link provided in the OP

Wireless Carriers

T-Mobile: "These kinds of security fixes are usually released by our third-party device partners, so we're working with them to ensure those security updates have been deployed." Also, the company says, "You may wish to contact the device manufacturers directly, as they can tell you more about their specific plans for these security update releases."

Highlighted

Re: Will Verizon release a patch for the recently announced vulnerability of Android phones to hacking via text?

Member

Bump again. There should be a way to mark this sticky to keep it at the top of the topics list. I think this warrants full attention to the community.

To people saying 'have to wait on the vendor'. This is understandable but not what I'm asking for. I'd rather have a patch but I'm looking for an official statement from Verizon saying that 1.) they are working with the vendors x, y, and z to make a patch available. 2.) In the mean time we have a way to work around the issue and better protect yourself. Similar to the T Mobile statement. I don't think this is asking too much. No statement just adds to the uncertainty of the situation and will led to distrust of the company. 

Also, it's disingenuous to say 'carriers don't touch the code'. Technically they don't touch the base code but they have a say on the software package being released. Otherwise I wouldn't get crapware on phones I've rented purchased through the carrier. VZ Navigator, VZ Protect didn't't show up on a phone because I installed them. If they want to get a patch out quickly it can happen.

Thanks

Derry

Highlighted

Re: Will Verizon release a patch for the recently announced vulnerability of Android phones to hacking via text?

Sr. Member
Highlighted

Re: Will Verizon release a patch for the recently announced vulnerability of Android phones to hacking via text?

Member

+1 for Derry's interpretation of the Carrier/Manufacturer relationship. Understanding that this applies to all of the carriers where they have problems with providing releases. Verizon tends to drag it's feet the most to "do proper testing."

Has anyone seen any public acknowledgement by Verizon that this problem exists?

This looks like the issue has been in play since at least April and is just now hitting the news, so I assume Google kept it under wraps until they had the patch. I've been trying to watch the forums and the news outlets, and Verizon to catch any sign of an official acknowledgement, much less a plan for resolution; by code or by a manual work-around like disabling Hangouts or blocking unknown MMS messages.

I get that coding isn't magical and instant, but this is a serious issue that may allow someone to gain a foothold on my home network (or any work networks out there that people have connected their phones to). Unless I've misread the situation, the keys to the kingdom are kind of a big deal.