Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

153 comments

Sorry! There are no comments related to the filter you selected.

Great (1, Offtopic)

Billly Gates (198444) | about a year and a half ago | (#42309267)

Does that mean I can finally root and upgrade my crappy Galaxy S1 with Android 2.1 yet? Fucking AT&T

Re:Great (1)

aliquis (678370) | about a year and a half ago | (#42309283)

Billy Gates wrote:

Does that mean I can finally root and upgrade my crappy Galaxy S1 with Android 2.1 yet? Fucking AT&T

You still prefer that one over your Lumia 920?

Re:Great (-1, Offtopic)

Billly Gates (198444) | about a year and a half ago | (#42309317)

My POS phone can't even sync with my computer. I was dissapointed in Android until I found out the one I purchased had DRM AT&T software to cripple it. I can't sync anything without outlook, can't backup files, can't even upgrade as a result of this attrocity.

My cap makes using Dropbox an issue. However I do not think it is supported on my ancient version of Android.

I plan to get a dumb phone next when my contract expires. I got ripped off. However, I have spoken to more recent galaxy S users who say they have none of my problems. The Galaxy1 is a rippoff and makes me wish I got something else.

The Lumia can sync with Outlook and files on your computer so it is a plus and not crippled like my dumbphone galaxy is. I know I am probably going to be modded down into an oblivion for this reply, but it is just my bad experience with mine and my frustrations over the years. Maybe yours is better?

Re:Great (3, Informative)

kamapuaa (555446) | about a year and a half ago | (#42309367)

Google, this is an easy thing to do. I can't guarantee this site but: https://gurde.com/2012/08/how-to-android-jelly-bean-4-1-1-on-galaxy-s-i9000/ [gurde.com] is the first result I got.

Re:Great (1)

mrbester (200927) | about a year and a half ago | (#42309707)

The SGS is pretty much brick proof, even if you screw up the simple root instructions.

Currently running over clocked (Semaphore) CM 10 JVT with no problems.

Re:Great (1)

elashish14 (1302231) | about a year and a half ago | (#42309485)

Why not leave AT&T then?

Re:Great (0)

Anonymous Coward | about a year and a half ago | (#42309601)

I still have my Galaxy 1 and I can do all the things you listed and am quite happy with it, and I was able to upgrade the firmware beyond 2.1. Of course, I'm not in the US with its overall shitty market.

Re:Great (1)

aliquis (678370) | about a year and a half ago | (#42309783)

Maybe yours is better?

That's very off-topic but I don't even own a smartphone :)

I think they are expensive. I likely should get a used one either simple and cheap or one of the latest ones but cheaper than retail (and keep it up to date for longer, as I see things phones like the Galaxy Gio haven't fallen much or at all in price the last 1-1.5 years so getting an old phone and hope for something better to show up for a good price somewhat sooner may not be a path to success.)

I've thought about getting a used S III and was rather close to getting a cheap S III LTE which someone nearby sold (don't ask me why at that price) but the issue for me is that the Nexus 4 in U.S. and parts of the Europe got such an awesome price and better spec (though it supposedly run hot) and may be more future proof. It doesn't list at those prices in Sweden as of now but I have no idea whatever we will have similar prices or ability to get it for similar prices from further down in Europe or if we are screwed. For 4500 SEK for a new Nexus 4 I'd rather pick a "used or opened but new" S III LTE for 2700 SEK as this one was listed for. For 2700-3000 SEK for both however the Nexus 4 will be faster, don't have a PenTile screen, got a good looking though likely easier breakable back side.

The S III got some other advantages though, eventually the S III software do some good things stock Android doesn't. AMOLED is nice to (Nexus 4 got IPS though) but what's more interesting I suppose is the runs hot issue of the Nexus 4 and user replacable battery and microSD-card slot on the S III. Over here the regular S III "only" got 1 GB of RAM which would imho make it seem less future proof but the LTE model got 2 GB so that solve that issue.

To be able to get root as a user is just an advantage to me. However I suppose that might mean user installed applications may also be able to get root access.

Re:Great (-1)

Anonymous Coward | about a year and a half ago | (#42310419)

Have you tried shoving it up your stanky cunt?

920 is a tank (-1)

Anonymous Coward | about a year and a half ago | (#42309467)

I'm sick of hearing of lumia propaganda from that dieing horse of a company. The 920 is a 185 gram, 10mm tank of poo. It's for people with Stockholme syndrome who try to convince versatile people with compact phones to be stupid like them and walk around with holes in their pants..plus it only runs crappows 8. "Really" smart people have a hTC One S, an iphone 4s, or a nexus 4. The Galaxy sII is also tolerable. Best of the new breed - nexus 4 on cost.

Nokia will always regret not going with android I think.

Re:Great (2, Informative)

Anonymous Coward | about a year and a half ago | (#42309289)

That phone has been rootable for ages. It runs Ice Cream Sandwich and even Jellybean quite smoothly with the proper ROM/kernel.

It's a feature !! (4, Insightful)

Taco Cowboy (5327) | about a year and a half ago | (#42309417)

Instead of considering that "security hole" a "security hole", consider it as a "feature".

Just root the damn thing and unlock it !!

Re:Great (0)

Anonymous Coward | about a year and a half ago | (#42309303)

Download samsung-Kies. Easy to upgrade to 2.3 iirc.

Re:Great (2)

Nerdfest (867930) | about a year and a half ago | (#42309315)

Installing anything with Kies is just torturing yourself. A Galaxy S1 runs Jelly Bean quite nicely, and it runs faster than stock 2.1 I find. The next phone I buy will be checked for Cyanogen support before I buy it.

Re:Great (1)

Billly Gates (198444) | about a year and a half ago | (#42309327)

DRM software on it wont let me sync it to any computer. I tried that route.

Re:Great (1)

Nerdfest (867930) | about a year and a half ago | (#42309431)

You should be able to put it into a raw download (hold Vol up + Vol down in off state while plugging uSB into it) mode and use Heimdall, where you can flash a complete image over of it. Poke around for it, it's a fairly easy phone to root, and You'll be much happier with JB on it.

Re:Great (5, Funny)

Anonymous Coward | about a year and a half ago | (#42309567)

You should be able to put it into a raw download (hold Vol up + Vol down in off state while plugging uSB into it) mode and use Heimdall, where you can flash a complete image over of it. Poke around for it, it's a fairly easy phone to root, and You'll be much happier with JB on it.

I want to like my iPhone, but Android is just SO OPEN.

Re:Great (1)

Teknikal69 (1769274) | about a year and a half ago | (#42309779)

And I'm stuck with my much newer S Advance on Gingerbread 2.3.6 they never even patched the last exploit for it.

I still love the phone though don't get me wrong it's pretty capable but it's quite sickening the way Samsung ignores it just because the S3 came a few weeks later.

Re:Great (1)

emag (4640) | about a year and a half ago | (#42309481)

I rooted mine 2 years ago, while at a conference. What's been stopping you? CM10 is out for it, and I installed that last week. Of course, Friday my Nexus 4 arrived, so I don't need to touch my SGS1 ever again...

Re:Great (2)

cmdr_tofu (826352) | about a year and a half ago | (#42309583)

Galaxy S1 is easy to root! You have to be careful and follow instructions, but it's easy. http://wiki.cyanogenmod.org/wiki/Samsung_Galaxy_S [cyanogenmod.org]

Also Samsung has it's own update process called Kies, but it won't give you root: http://pages.samsung.com/ca/androidupgrade/English/ [samsung.com]

I love my Samsung Galaxy S

Re:Great (0)

Anonymous Coward | about a year and a half ago | (#42309621)

I guess they just use fastboot and package it inside a custom loader?

Re:Great (3, Informative)

mrbester (200927) | about a year and a half ago | (#42309727)

Kies is the biggest pile of bloated crapware since Norton.

Re:Great (1)

stephanruby (542433) | about a year and a half ago | (#42309587)

Does that mean I can finally root and upgrade my crappy Galaxy S1 with Android 2.1 yet? Fucking AT&T

Finally? There was no reason to wait, you could have rooted your Captivate last year I bet.

With Samsung Kies, you should be able to upgrade your AT&T Captivate all the way to 4.0. That being said, you should root to get Android 4.2 at least (4.0 may be laggy for you, that's why I'm recommending that you root your phone instead, and just jump all the way to whatever is currently available without going through Samsung Kies).

Re:Great (1)

JayAEU (33022) | about a year and a half ago | (#42311631)

Can you please provide a reference to an official Samsung ICS image for the Galaxy S1? Other than that, you'll find it pretty much impossible to upgrade it to 4.0 using Kies.

Huge Security Hole Has Been there all Along (-1)

Press2ToContinue (2424598) | about a year and a half ago | (#42309279)

Installing any app exposes you - even without explicit permissions apps can do bad things. Let's put this into some perspective, shall we? It's just one more exposure. The real problem is in actually being able to tell what -any- app is currently doing on your device. And that kind of monitoring is no-where in sight.

Re:Huge Security Hole Has Been there all Along (1)

SternisheFan (2529412) | about a year and a half ago | (#42309427)

Just a heads-up, I found a pretty good free firewall app, for rooted Android devices, called "Droidwall" (in android's playstore, tools section). No permissions, I've been using it for a few weeks now on my Arnova pre-rooted ICS $99 tablet, works perfectly! Should be sop for all of android. It lets you 'whitelist/deny' internet access for any installed app, useful if you're on a limited data plan.

Re:Huge Security Hole Has Been there all Along (1)

mlts (1038732) | about a year and a half ago | (#42310767)

I like Droidwall, have been using it since the 1.x days. Yes, it does require root, but it is worth using. Oddly enough, on rooted Motorola phones, it takes a while to push the iptables entries out when you tell it to. On HTC phones, it is a lot quicker.

Another app that I used to use was LBE Privacy Guard, but it doesn't work on Andoid 4.1 or newer (will bootloop your phone if you try.) I know it is a free app, but when it worked, it was a very useful tool, as it limited what apps could access (contacts, GPS, phone) without having to manually edit permissions in a manifest file.

Re:Huge Security Hole Has Been there all Along (1)

SternisheFan (2529412) | about a year and a half ago | (#42311015)

People might not want to use LBE Privacy Guard, it might be a data miner... From Android forums...

LBE Privacy Guard: Possible Malware I installed LBE Privacy on my LG ESteem, and tried it out for for a few days. I uninstalled LBE Privacy Guard a couple days ago, because it kept hassling me to set permissions every time I installed or used a new app. Since I had uninstalled LBE Privacy Guard, my phone has not been able to install new apps properly. Whenever I install a new app, the new app would only work until I reboot my phone. After I reboot my phone, the newly installed apps would fail to launch and give the error message: "the application XXX has stopped unexpectedly. Please try again". That's for every new app I have uninstalled since I had uninstalled LBE Privacy Guard on Wednesday. Another app on my phone, DW Contacts and Phone Dialer Pro, could no longer retain any of my customization settings. DW Contacts popped up an error warning and informed me that the file permission database has some "exception". I immediately knew it's LBE Privacy Guard that had screwed up my phone. I tried re-installing LBE Privacy Guard, and then reboot my phone. As I expected, LBE Privacy Guard has continued to work after multiple reboots. Then I installed a few other apps, but I am still getting the same errors with all other apps. So now LBE Privacy Guard is the ONLY app that has continued to install and work properly after it had screwed up my phone. Then, I googled for information on LBE, and found this: [APP][ROOT] LBE Privacy Guard - Most Powerful privacy protection app for Android - Page 48 - xda-developers Apparently LBE mines user data and is quite shady about doing it, and it also does not like being uninstalled. I suspect LBE made some low-level changes to the permission. It seems to me that everything else (i.e., every new install) has been blocked and denied permission... except LBE itself. http://androidforums.com/esteem-all-things-root/555032-lbe-privacy-guard-possible-malware.html [androidforums.com]

Re:Huge Security Hole Has Been there all Along (3, Insightful)

Threni (635302) | about a year and a half ago | (#42309447)

> It's just one more exposure. The real problem is in actually being able to tell what -any- app is currently doing
> on your device. And that kind of monitoring is no-where in sight.

Wrong, and wrong. With this, you can access all the memory on your phone. Clearly with this you CAN tell what's running, You can stop what's running. You can patch what's running. You can do whever you like, This is about as different to the average piece of malware as is possible to get.

Re:Huge Security Hole Has Been there all Along (1)

GuldKalle (1065310) | about a year and a half ago | (#42309473)

Damn that was vague. Could you maybe explain what kind of bad things they can do without permission?

And what kind of monitoring do you want? A debugger?

Re:Huge Security Hole Has Been there all Along (5, Insightful)

grcumb (781340) | about a year and a half ago | (#42309721)

Damn that was vague.

If by 'vague', you mean 'detailed', then yes, it was. 8^)

Could you maybe explain what kind of bad things they can do without permission?

The most damning bit of code is this:

#ifdef CONFIG_EXYNOS_MEM [14] = {"exynos-mem", S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH, &exynos_mem_fops}, #endif

Basically, it says, "Aw heck, write whatever you like to any memory address anywhere. I mean, we're all friends here. Right?"

Effectively, any installed app can ignore pretty much every single security setting on the phone and do whatever it likes to the running system. Worse, this could be coupled with a vulnerability in an otherwise well-intentioned app to create a remote root exploit.

On the WTF scale, this ranks with the 2008 Debian SSL hole [slashdot.org] in terms of rank stupidity.

Re:Huge Security Hole Has Been there all Along (1)

Anonymous Coward | about a year and a half ago | (#42310399)

Shouldn't that have been == ?

Re:Huge Security Hole Has Been there all Along (1)

JesseMcDonald (536341) | about a year and a half ago | (#42310827)

No, it's a definition for array element 14, thus "[14] = ...". There's a newline missing in the comment after "#ifdef CONFIG_EXYNOS_MEM".

Re:Huge Security Hole Has Been there all Along (0)

Anonymous Coward | about a year and a half ago | (#42310987)

lol... I don't wanna know what kind of coding you people are growing up on these days..

Re:Huge Security Hole Has Been there all Along (2)

Koutarou (38114) | about a year and a half ago | (#42309963)

The absolute worst-case would be to use the elevated access to leverage the superbrick bug (another hole out in the wild on the majority of exynos based phones) and permanently damage the emmc chip, which requires a system-board replacement to revive the phone.

Re:Huge Security Hole Has Been there all Along (1)

Anonymous Coward | about a year and a half ago | (#42310315)

Given the popularity of the S2 and S3 I would say a rapidly spreading virus that turns them into a mobile bot net or spyware system would be far worse.

Although bricking them all at once would be massively damaging to Samsung.

Re:Huge Security Hole Has Been there all Along (1)

Anonymous Coward | about a year and a half ago | (#42310931)

the code attached to the first post demonstrates how to elevate privileges to root then open a root shell.
If someone had an issue with Samsung they could then brick the device by overwriting the boot loaders
or use the "Super Brick" bug, the permissions set by Samsung devs allow R/W access to kernel memory.

My experience with Samsung devices is that they are easy to root, but Samsung seems to outsource the
software development to North Korea.

Re:Huge Security Hole Has Been there all Along (1)

teh31337one (1590023) | about a year and a half ago | (#42310329)

Re:Huge Security Hole Has Been there all Along (1)

storkus (179708) | about a year and a half ago | (#42310661)

That isn't a fix, but merely flimsy cork or finger in the hole. Unfortunately, from what I read (Samsung's version of /dev/mem but with global access), this "hole" is more proverbially along the lines of this bad boy:

http://en.wikipedia.org/wiki/Bingham_Canyon_Mine [wikipedia.org]

In other words, its a hardware design flaw so big it can only be worked around, and even then only poorly.

I'm doubly pissed here because I bought the T-Mobile USA version of the Galaxy Note II (SGH-T889) on the day it came out, and a month before this broke. Luckily, I make a point of not doing financial transactions on it, but what about the other 5M+ GN2 owners as well as international GS3 owners (CAN/AM GS3 uses Snapdragon and is supposedly unaffected...).

Re:Huge Security Hole Has Been there all Along (2)

SirJorgelOfBorgel (897488) | about a year and a half ago | (#42310813)

This is not a hardware design flaw. Whatever makes you think that ? The reason it affects so many Exynos4 devices is because the exploitable code is present in the main code they base most Exynos4 Android firmwares on. It's certainly fixable by Samsung.

Not LTE GS3 (5, Informative)

Anonymous Coward | about a year and a half ago | (#42309333)

This only effects the international S3, the US LTE version uses a Snapdragon CPU.

Re:Not LTE GS3 (1)

xenobyte (446878) | about a year and a half ago | (#42311937)

How about the international S3 LTE? - Mine is model GT-I9305

Root (2, Insightful)

Nerdfest (867930) | about a year and a half ago | (#42309337)

I consider someone *else* running as root a security hole. As long as you need physical access, this is a feature. A phone that will not let you install what you want is broken.

Re:Root (5, Informative)

14erCleaner (745600) | about a year and a half ago | (#42309415)

The problem is that this hole will allow any app to read or write to any of memory, allowing trojans.

Re:Root (3, Insightful)

Nerdfest (867930) | about a year and a half ago | (#42309441)

That's definitely a problem. The way the summary is worded makes it sound like a user having root is a security exploit ... something most hardware and OS manufacturers seem to believe these days. I may have to break tradition and read the article.

Re:Root (5, Informative)

Nerdfest (867930) | about a year and a half ago | (#42309507)

Looks like someone has a quick fix out. It's an app that sets the perms on the file properly, but it does cause problems with the camera on the S3. The app lets you toggle the permissions on and off so you can still use your camera is you wish. I haven't tried it as I don't have a phone with the hole, but teh XDA guys are pretty reputable: Here it is. [xda-developers.com] Certainly can't complain about the open source community on something like this, although it would have been nice if he reported it to Samsung a little in advance of the release of the problem.

Re:Root (0)

Anonymous Coward | about a year and a half ago | (#42310201)

although it would have been nice if he reported it to Samsung a little in advance of the release of the problem.

It would have been nice if Samsung hadn't designed, built, and shipped equipment that they had not fully tested.

They didn't. Haul out the good-capitalism arguments for shipping quick as cheaper, but don't say the market-side isn't "nice" for doing whateverinhell it wants about the device after it ships.

Delaying public disclosure of flaws lets a company maintain a reputation it should not have. And it delays public knowledge of the dangerous device they own. When a 'public' researcher finds a flaw, 'private' ones sure as hell already have. Get the word out immediately.

Re:Root (4, Insightful)

Nerdfest (867930) | about a year and a half ago | (#42310471)

They can test all they want, but there will be bugs. The trick is to have support in place to patch quickly. Most open source software is very good this way, but most commercial stuff is way behind.

Re:Root (1)

JesseMcDonald (536341) | about a year and a half ago | (#42310799)

A device driver which allows programs to mmap any and all physical memory, which defaults to world-writable permissions both in the driver itself and in a system startup script, seems like a bit more than just a "bug". It's more consistent with a complete lack of security-mindedness among the developers and reviewers (if any).

Re:Root (0)

Anonymous Coward | about a year and a half ago | (#42311819)

Yes and how easy it will be for Samsung to fix this? It is easy to stop the hole by the fix those guys made but why does it brake the camera functionality? Because the memory is open by design and the camera uses that design? So to fix this would require quite a lot of tinkering from Samsung to work with correct permissions for each "user". Thus fix is unlikely to be released soon.

Re:Root (2, Insightful)

fredprado (2569351) | about a year and a half ago | (#42310487)

Nothing can be "fully tested". Things like this happens to any developer and are unavoidable as the code complexity increases.

What is the responsibility of the developer is to fix a security hole such as this as quickly as possible once detected.

Re:Root (2, Interesting)

SirJorgelOfBorgel (897488) | about a year and a half ago | (#42310479)

"although it would have been nice if he reported it to Samsung a little in advance of the release of the problem"

While that would have been nice, it is very debatable if it is wise. With Samsung, you just don't know. Security holes have been reported to Samsung that have been fixed nigh instantly, while other well known problems that can cause hard-bricks (device becomes a non-recoverable paperweight) on various devices have been known for almost a year - including the fixes - and the issue is still present in the latest firmwares.

And in the exploit author's defense (as if needed), he actually says somewhere he didn't know whom to contact so he just put it on XDA, assuming it would somehow get to the right people. And even though it is weekend, I'm sure various Samsung engineers on the right levels are aware of the problem :) The not knowing who to contact thing is a valid issue - if you don't have any "ins" at Samsung, it's actually pretty hard getting this kind of information to the right people.

Re:Root (1)

epine (68316) | about a year and a half ago | (#42311847)

While that would have been nice, it is very debatable if it is wise.

If they ever update The Fifth Discipline: The Art and Practice of the Learning Organization [wikipedia.org] I'm sure they can cull a hundred pages of business-speak blather to make room for an additional chapter on the pernicious feedback loops of responsible disclosure.

Normally we allow markets to punish corporations for sloppy work. Causing grave identity harm to your customer base is the kind of sloppy work deserving of punishment. And then, you know, the innovation of the private sector swoops in, as it must under Hayekian divine law, to save the day.

But no, as usual we turn things upside down when the going gets tough: unpaid security researchers provide valuable QA in hushed conversations to deep-pocketed corporations, who may or may not choose to do anything about it.

Here's a suggestion: if a corporation has any unfixed security flaw they've known about for more than three months, they no longer qualify for responsible disclosure.

Customers when purchasing their toys can check the reputations of vendors in having their responsible disclosure pants down, aka those malingering issues not fixed because they value their bottom line more than their customer's peace of mind. In Hayekian theory, these are supposed to align by the divine grace of the invisible hand, but sometimes society weaves clever narratives to prevent this from happening.

The true Hayekian solution would be to allow security researchers to auction off the fruit of their labour to the highest bidder, black or white. This might be Samsung, should they care enough to protect their reputation by dipping into their bottom line.

Re:Root (5, Informative)

stephanruby (542433) | about a year and a half ago | (#42309803)

The way the summary is worded makes it sound like a user having root is a security exploit ...

The Cleaner is correct. In the case of Android, each application is considered a separate user. That's how applications are sandboxed away from each other. This way, an application only has access to its own files (which reside in its home folder). An application only has access to its own SQlite database instances (which again reside only within its own home folder, since SQLite is file-based, this arrangement works). With its own userid, an application can only access its own process and its own data. Etc.

In other words, Android is an operating system built on top of another operating system and Android doesn't try to completely reinvent the wheel when it comes to security.

Re:Root (1)

hawguy (1600213) | about a year and a half ago | (#42310193)

That's definitely a problem. The way the summary is worded makes it sound like a user having root is a security exploit ... something most hardware and OS manufacturers seem to believe these days. I may have to break tradition and read the article.

For most users, having root *is* a security exploit. Few users know how to tell whether the application they are installing as root is "safe".

Re:Root (-1)

Anonymous Coward | about a year and a half ago | (#42309565)

Don't bother. The fandroids will spin this into something to make it seem like it was a win for them all along. I see a lot of this out of them. It makes it hard to take these zealots seriously. Apple fanbois are the same, don't get me wrong. I just hate all techno nazis.

Re:Root (2, Informative)

Tough Love (215404) | about a year and a half ago | (#42310001)

The fandroids will spin this into something to make it seem like it was a win for them all along.

Whoa, the fandroids didn't do that! Instead, the fandroids discussed the issues, risks and fixes calmly, intelligently and informatively. Now if only iFans were like that, maybe I wouldn't feel like I got something icky on me after any encounter.

Re:Root (2)

Tough Love (215404) | about a year and a half ago | (#42311477)

The fandroids will spin this into something to make it seem like it was a win for them all along.

Whoa, the fandroids didn't do that! Instead, the fandroids discussed the issues, risks and fixes calmly, intelligently and informatively. Now if only iFans were like that, maybe I wouldn't feel like I got something icky on me after any encounter.

Oh, iFans have another weapon besides naked fanaticism: they also have Apple spinmods.

Re:Root (0)

Anonymous Coward | about a year and a half ago | (#42310449)

Well, the important thing is that you've figured out a way to demonstrate your inferiority to both.

Re:Root (0)

Anonymous Coward | about a year and a half ago | (#42310457)

And the WinTards will try to use this meaningless story to try and create a shit storm in an effort to get some free publicity for their piece of shit Kin Phones and Kin Tablets that no one wants or cares about.

Re:Root (0)

Anonymous Coward | about a year and a half ago | (#42309449)

Sounds like someone else can too

Re:Root (0)

Anonymous Coward | about a year and a half ago | (#42309767)

On smartphones, local exploits matter because they mean apps can gain more permissions than they are supposed to have. (This is a much smaller problem on desktops because people don't tend to install programs on desktops anywhere near as much.)

Re:Root (5, Insightful)

hawguy (1600213) | about a year and a half ago | (#42310207)

On smartphones, local exploits matter because they mean apps can gain more permissions than they are supposed to have. (This is a much smaller problem on desktops because people don't tend to install programs on desktops anywhere near as much.)

You've never seen a user click blindly through ActiveX install warnings if you think Desktop users rarely install software.

Re:Root (1)

tlhIngan (30335) | about a year and a half ago | (#42311567)

I consider someone *else* running as root a security hole. As long as you need physical access, this is a feature. A phone that will not let you install what you want is broken.

So how do you know what you're installing WON'T take advantage of this and break through the Android permissions model? (Permissions system doesn't apply if you have root, after all).

Several Android malware apps have attempted to root the user's phone before, so it's possible that some app you download may try the same. And all they'd need is enough permissions to access that device - probably innocent ones.

In other words - it's a great way to get root on your phone, if you want it. Or a security exploit if an app also roots your phone to download and install some malware. Or install a rootkit, since it allows access to kernel memory(!).

LUALZ (-1)

Anonymous Coward | about a year and a half ago | (#42309377)

there just was niggerbutt on tv in the Cowboys game

LUALLZ DENG!

Custom faulty memory device? (1)

wonkey_monkey (2592601) | about a year and a half ago | (#42309423)

Are you sure it wasn't a faulty custom memory device instead?

Re:Custom faulty memory device? (2, Funny)

Anonymous Coward | about a year and a half ago | (#42309541)

Haven't you heard about Samsung's new strategy?

1.) Become the go to name in customized faulty memory devices
2.) ?????
3.) Profit

Funny as hell - Google ad. (5, Funny)

Andy Prough (2730467) | about a year and a half ago | (#42309433)

The Google ad on the page for TFA states "Root Any Android Device In 1 Touch! Easy To Use Automatic Root Software". Talk about context-sensitive ads!!

Fault? (0)

Anonymous Coward | about a year and a half ago | (#42309521)

Every user can easily root their device? Sounds like a feature to me.

To actually root ... (2)

SirJorgelOfBorgel (897488) | about a year and a half ago | (#42309535)

Strangely, TFA makes no mention of an app built to actually use this exploit to install SuperSU (root access management app): http://forum.xda-developers.com/showthread.php?t=2050297 [xda-developers.com] - i.e. what most users consider getting rooted.

Of course, this exploit can be used by any app, and a user can use the core exploit manually to install SuperSU (or Superuser) to let Play apps that need root (but don't contain this exploit ;)), but the linked method does all the work for you already.

Google Defence Force Activate... (-1)

Anonymous Coward | about a year and a half ago | (#42309551)

Form of: denial and accusation of user error.

Re:Google Defence Force Activate... (0)

Tough Love (215404) | about a year and a half ago | (#42310011)

Form of: denial and accusation of user error.

You're an Apple employee, and you're projecting.

Re:Google Defence Force Activate... (1)

Tough Love (215404) | about a year and a half ago | (#42311469)

Form of: denial and accusation of user error.

You're an Apple employee, and you're projecting.

and your Apple spinmod friends don't impress me either. Actually, the more you do things like that, the more you Apple people disgust me.

Link (1)

StuffMaster (412029) | about a year and a half ago | (#42309581)

Why did you link to that horrible advertisement of a webpage? Google even gives the Wikipedia page [wikipedia.org] as the first result...

Makes me glad I use an iPhone... (-1)

Anonymous Coward | about a year and a half ago | (#42309625)

And there are those who wonder why the #1 seller on the market is the iPhone. Perhaps, it is because Apple takes security seriously?

iOS has yet to have a single malware app in its history, other than stuff befalling jailbroken devices. This is a quite sterling record for any popular platform in the computing industry.

Re:Makes me glad I use an iPhone... (3, Insightful)

Galestar (1473827) | about a year and a half ago | (#42309671)

other than stuff befalling jailbroken devices

This is the important part. Walled gardens are inherently more secure, it has nothing to do with Apple's competence.

Re:Makes me glad I use an iPhone... (0)

Anonymous Coward | about a year and a half ago | (#42310177)

If Android phones defaulted to Amazon's store, or if Google went to a two tier system (one tier with stuff as they do now, second tier that is thoroughly vetted and rejections are swift and brutal), Android would have far fewer issues.

As for security, Apple's is chiefly based around how good their gatekeeper is. If some app gets through, it will have a field day. Of course, this is mitigated in iOS 6 by the OS asking if an app can have access to photos or contacts, but it doesn't stop an app from going crazy with high-priced SMS messages or just using the phone as a botnet client for spam, DDoS, or other items.

False, Apple's security deeper (0, Troll)

SuperKendall (25149) | about a year and a half ago | (#42310557)

Apple's is chiefly based around how good their gatekeeper is.

No, in fact Apple's security does not rely on that at all. The system is designed to prevent any application, not just Apple vetted ones, from harming the system - otherwise Apple would not allow independent Enterprise deployment as they do since Apple does not review those applications.

Apple's system is deeper than Androids because instead of having one up-front out of context question about the permissions the app should support, instead iOS users are asked if the system should allow access to a protected resource at the time the application (and thus the user) needs it. You aren't asked up front if an app can access contacts, you get asked that when you reach a portion of the app that would like to look into contacts and thus you can decide if you really want it to see contacts for that reason, or back out and not let the app see them.

iOS devices ALSO do not allow installation of apps to external media which was already a monstrous security hole for Android devices; any SD card inserted that was formatted FAT32 could have any portion read and written to by any app.

Re:Makes me glad I use an iPhone... (1)

Tough Love (215404) | about a year and a half ago | (#42311505)

Walled gardens are inherently more secure, it has nothing to do with Apple's competence.

Do you have any actual evidence to support that fanciful assertion? Didn't think so.

Re:Makes me glad I use an iPhone... (1)

Bob9113 (14996) | about a year and a half ago | (#42311823)

Walled gardens are inherently more secure

Which walled gardens? More secure how? More secure than what?

If the walled garden does a better job of verifying the security than the collection of apps you are comparing it to, then you are right. But that is not an inherent characteristic of the walled garden model any more than it is of any other kind of collection of apps. The question is how strongly the selection process under consideration filters for security.

For example, F-Droid [f-droid.org] is a repository of Free and Open Source Android software. It is pretty much the opposite of a walled garden, and it is very possible that the F-Droid software is more secure than what is available on Google Play or the iTunes App Store.

The claim that walled gardens are inherently more secure is no more valid than the archaic and discarded notion that proprietary software is inherently more secure than Open Source. The same holds true for the operating system as for the marketplace, for the same reasons.

Re:Makes me glad I use an iPhone... (0)

Anonymous Coward | about a year and a half ago | (#42310485)

And there are those who wonder why the #1 seller on the market is the iPhone. Perhaps, it is because Apple takes security seriously?

iOS has yet to have a single malware app in its history, other than stuff befalling jailbroken devices. This is a quite sterling record for any popular platform in the computing industry.

You're either extremely stupid or extremely ignorant. Yeah, you're stupid.

Another illegal patent expropriation from Apple (2, Funny)

gelfling (6534) | about a year and a half ago | (#42309743)

Tim Cook needs to sue them for that one.

Re:Another illegal patent expropriation from Apple (1)

WrecklessSandwich (1000139) | about a year and a half ago | (#42310037)

Tim Cook needs to sue them for that one.

Beat me to it like a redheaded stepchild.

Re:Another illegal patent expropriation from Apple (0)

Anonymous Coward | about a year and a half ago | (#42310635)

LOLOLOL me make Apple dig, me FUNNAY

Move along, go replay the same tired trolling elsewhere.

security hole? (0)

Charliemopps (1157495) | about a year and a half ago | (#42309833)

How is this even remotely a security hole? Much less a "Huge" one? Owners can gain root access to their own device? God forbid!

Re:security hole? (5, Informative)

countach (534280) | about a year and a half ago | (#42309865)

Err, because any app you download can p0wn your phone?

Re:security hole? (3, Informative)

nedlohs (1335013) | about a year and a half ago | (#42309881)

Because some random app could subvert the permissions it was granted at install and do whatever the hell it wants?

Re:security hole? (2)

pepsikid (2226416) | about a year and a half ago | (#42310187)

It's a considerable "security issue" because it may provide a vector through which you could install any app, ringtone, mp3, wallpaper, etc., that you did not buy from the manufacturer (thinking of currently un-rootable devices here). You could disable un-installable apps you mfger wants you to have. You could inspect and monitor your phone's memory and data transactions in such detail as to learn what information your mfgr, or installed apps, harvests from your activity. Heavens, you could finally back up and restore your phonebook from a device with a disabled data port. Enable wifi without a $15/mo service plan! Download your cameraphone pics and videos without using up some of your data ration! Or install a cut-and-paste extension! Freedom is dangerous! Samsung cannot ensure the 'highest customer experience' if the customer can shop around! Or some hog-swill like that.

Disclosure: worked for Samsung Wireless. They're evil.

Re:security hole? (1)

pepsikid (2226416) | about a year and a half ago | (#42310239)

...of course, it's the *providers* who demand the crippled firmware, but SS is only too happy to provide the custom lobotomies.

/yes, they have your PIN, PIN2 SIMM and every other number you're asking for.
//yes, the're lying about not having this information, but noone you can get ahold of on the phone has it.

Sony get your lawyers. (1)

RyuuzakiTetsuya (195424) | about a year and a half ago | (#42310067)

Sounds like Samsung is ripping off Sony security.

Quick! Get Kaz Hirai on the phone!

Feature (-1)

Pope Raymond Lama (57277) | about a year and a half ago | (#42310295)

Dear slashdot,

If a software failure allows an user to gain control of his own device, 'a.k.a." Jail breaking, it is not a "security hole" - it is a freaking FEATURE!
T.F.A. an the headline puts it as if it was a bad thing.

Re:Feature (0)

Anonymous Coward | about a year and a half ago | (#42310413)

The problem is that the same feature allows for malware to take control of the device, and considering that makes it very difficult to remove as opposed to a traditional PC...yeah, it is a bad thing. A very bad thing, as apparently it's already being exploited in Android marketplaces.

Re:Feature (0)

Anonymous Coward | about a year and a half ago | (#42310695)

Not sure if you fail at understanding basic computer science, didn't read TFA, or what. This security hole allows any app, jailbreak, malware, whatever, to take control of the phone and hide itself from further detection. I.e. it can patch the kernel. Don't be obtuse.

impeccable timing (1)

gaiageek (1070870) | about a year and a half ago | (#42310319)

I was considering purchase of a Galaxy S2 in the next 12 hours. Now I can't justify spending the money on it knowing it has a gaping security hole. Is there a possibility this could affect the similarly spec'd Samsung Galaxy S Advance? It has a STE U8500 chipset so if it's truly only an Exynos chipset vulnerability it should be fine, but this leaves me wondering about Samsung. Perhaps more telling would be waiting to see what, if anything, Samsung does about this.

Is that news? (1)

manu0601 (2221348) | about a year and a half ago | (#42310901)

The page describing the exploit is from september. Is that a news?

Re:Is that news? (1)

msauve (701917) | about a year and a half ago | (#42311063)

If "yesterday" for you is September, you're not keeping up.

tubgi8l (-1)

Anonymous Coward | about a year and a half ago | (#42311035)

conversation 4nd [goat.cx]

How to use this to your advantage (1)

tanveer1979 (530624) | about a year and a half ago | (#42311509)

Use this APK to get root and install superSU
http://forum.xda-developers.com/showthread.php?t=2050297 [xda-developers.com]

Now, whenever any app asks for root permissions, you will be asked whether you want to give root. This is how it used to work in my older rooted devices.

Removing a Mod (0)

ohnocitizen (1951674) | about a year and a half ago | (#42311821)

Commenting to remove an accidental mod, a sad mistake that caused many tears.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>