Zimperium unleashes Android Stagefright exploit code on world

Security researchers at Zimperium have released a working version of Stagefright exploit code. Zimperium said it was publishing the software so that administrators and penetration testers can validate the effectiveness of the Android community's response to patching the security hole. Google is only just getting around to …

  1. Anonymous Coward

    Granted, Apple's security track record is definitely mixed, it is nice to be able to get patches directly from the OS and device manufacturer being the same without having to worry about 3rd parties or carriers having a say (Nexus devices I guess come closest to qualifying). You could say the same thing about WP and BB for the most part as well if either platform was going to be viable in the future.

    1. Anonymous Coward

      But the reason this is possible is because Apple, Microsoft, and Blackberry have strong control over the hardware channels; any devices with their OS have to get their approval first (and in Apple's and I think Blackberry's case, they make the devices in-house). Since Android was the underdog against the iPhone initially, it's easy to see why Google played fast and loose to play catch-up. Of course, this is coming home to roost, but in the long run, did Google really have much choice given the competition?

      1. Anonymous Coward

        Microsoft also make most WP handsets technically in house for the moment. As you mention, it's a fundamental difference in business models. Apple for the most part makes its money on hardware and only does software to push hardware. Google makes its money bundling up user data and selling it to advertisers (or anyone else). Its "free" trojan horse software exists solely to turn users into the product. The only good thing is due to the base of Android being FOSS at least you are not forced to install their spyware on top (as long as you are willing to root your phone, void your warranty and arguably make it less secure). Technically Google does have its own hardware too but let's just say it's not a core competency.

  2. Alan Denman

    Sponsored by whom?

    They sell leaks to the highest bidder, if selling this, now even thicko crims can patch it in to stuff they have already bought!

    Increases demand. Other espionage software is out there so is this legit too?

  3. Unicornpiss

    Penetration testing

    I wonder how Zimperium's members would feel if thugs kicked in their doors and trashed their living spaces purely as an experiment to see how effectively they react to cleaning up the mess and replacing their front doors instead of someone merely quietly warning them that they were vulnerable to attack and ought to get their locks beefed up soon?

    1. Anonymous Coward

      Re: Penetration testing

      How do you have a gold badge on an IT site when you are pushing the long discredited security by obscurity garbage? Google has been aware of this vulnerability longer than they give other vendors before going public.

      1. Vic

        Re: Penetration testing

        How do you have a gold badge

        He doesn't...

        Vic.

  4. dotdavid

    "administrators and penetration testers can validate the effectiveness of the Android community's response to patching the security hole"

    No need to release the exploit to do that. Here's a summary:

    - Google patched AOSP almost immediately; so fast they did it wrong and had to do it again.

    - The larger community custom Android ROMs merged in the changes almost immediately. CyanogenMod rolled out a stable release for CM11 and 12.1 with the fix on the first of the month but it was available in nightly form before then.

    - The manufacturers all said this was very important and committed to rolling out an update for key handsets "soon". Few if any have yet to do so and no-one is holding their breath expecting them to do so.

    - Non-key handsets will never get the update unless they root/unlock their bootloaders and install a custom ROM with the fix, if there happens to be one for their device.
