Start here: QuadRooter: 5 things to know about the latest Android security scare | Android Central
Then ignore every tech rag that doesn't treat this as utter nonsense.
CVE-2016-2503 – Already in Google's July security patch, requires physical access to unlocked device.
CVE-2016-2504 – Already in Google's August security patch, requires physical access to rooted device.
CVE-2016-2059 – Already patched by Google, requires physical access to device.
CVE-2016-5340 – Requires root, in pending September patch.
Devices with processors shipped after April 2016 should not be impacted.
Lesson: don't root your phone, turn off all the security features and then hand it to a bad person.
900 million is the wrong number.
Let's instead count the number of (1) active (2) Snapdragon-powered devices that are (3) not yet updated to KitKat, (4) haven't received a security update since at least June and are (5) physically in the hands of sophisticated criminals that are (6) using this set of exploits on a (7) rooted and (8) unlocked device, (9) without the owner being aware of the fact that the device is missing.
Those are 9 pretty specific conditions. Is the real number higher than 0? Maybe. Is it higher than 100? There's no way that's possible. Generously we could grant 25 devices. 25 vs 900 million. That's a bit of an exaggeration to say 900, right?
Oh wait, if you have unrestricted physical access to someone's device and it's unlocked and rooted ... YOU DON'T NEED AN EXPLOIT! This is pointless. All vulnerabilities that require physical access to the device (3 of the 4 here) are ignoring the fact that you already have physical access to the device and therefore wouldn't need an exploit.