"Android vulnerabilities open Pie to booby-trapped image attacks"

#1

Please forgive me if someone has already posted about this; I searched but did not find anything about it on the forums.

According to an article written Feb 8th on https://nakedsecurity.sophos.com/, “[a] trio of bugs caused by programming inconsistencies could have opened up Android 7, 8 and 9 to remote attackers wielding booby-trapped image files.”* Android also posted about this in a Feb 4 security bulletin (in slightly more technical terms) and states that “[s]ecurity patch levels of 2019-02-05 or later address all of these issues.”**

Does anyone know when Republic Wireless will be receiving/rolling out these security patches?

Thanks!

Sources:

0 Likes

#2

Hi @katherinep.wglvan

Yes, I saw that story too.
Any patches will come from Google and then the phones manufacturer have to release it. (So if you had a Samsung phone you would probably have to wait for Samsung to release the patch after they get it from Google.)

1 Like

#3

Hi @katherinep.wglvan,

The bottom line is any phone active on Republic running Android 7, 8 or 9 is North American factory unlocked. Security patches and other operating system updates are pushed by the manufacturer not Republic. Please see here for more: Where's My Android Update? Understanding the Update Process.

For what it’s worth in my experience, security vulnerabilities noted by sources such as Sophos tend to be more of an issue in the lab than in the wild.

4 Likes

#4

Here is another article:

Far as i have read, there is no known active exploits in regaurds to this.

The current February Security patches put out by Google patch this any many other vulnerabilities. Pixel users already have this since they get updates the moment Google releases updates. All other phones brands, it is up to them to pull, make, test, then push out updates to their phones. That process takes time, most brands i find to be at least 2 months behind, others, you are lucky to get updates once every several months.

0 Likes

#5

Thanks for the heads-up on this one!
Hopefully Firefox with the UBLOCK Origin extension installed/updated can help thwart the ones coming to the browser.
If they can patch Google Messages and GMAIL to block them from coming in via MMS/email, I would be set till the patch arrives.
I have not had any updates since November 2018 on my phone unfortunately.
I don’t think I use anything else where a picture could come in on me like Facebook, Twitter, etc.

0 Likes

#6

How can I prevent this from causing me problems on Google Messages?
Will this work for Android 8.1 with the November 2018 Patches?
Settings
Advanced
Turn off “Auto-download MMS”?
“auto-download MMS when roaming” was already off.

Then never download a picture till we get a fix?
I bet I will not get anything from group MMS (no text or pictures) with this enabled though?

0 Likes

#7

That setting will cause you to get an alert letting you know there is an MMS to download. If you trust the sender, you can then choose to download it. If you don’t then you can not download it. This will be true for pictures, group texts or long messages sent as MMS.

0 Likes

closed #8

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

0 Likes

Message an
Expert customer