Article about IMEI vulnerability on Android phones

Toggle sidebar Toggle sidebar
This seems to be a fuss about nothing, in that the vulnerability means that if your device is stolen then it may be able to be resold a little more easily.

But once it's stolen you don't have it any more anyway, so it doesn't matter.

Am I missing something; is there more to this?
 
This looks like CVE-2019-2114, which is limited to versions 8.0, 8.1, 9. So once you update to 10 (or get any update since 10/6) you'll be covered.

The problem isn't so much whether your phone is covered, it's that the fact that there's no blacklist protection on Android phones (whether it's one or all) means that thieves without any technical knowledge will now be looking to steal Android phones, and selling them to unsuspecting buyers.

Since this affects a lot of phones, and it's being fixed in Android 10, I'm moving it to the Android 10 forum.
 
Last edited:
robinhelenehebert said:
https://www.firstpost.com/tech/news...urity-update-to-40-million-users-7472731.html

Problem is I updated to Android 9 through a separate process posted here and haven't been getting updates. What do I do?
Click to expand...

Once you download the latest security patch you protected against the vulnerability. The only question is when will it made available?

"Samsung has sent out updates to Galaxy devices under its Security Maintenance Release (SMR). This update includes the patches from Google as well. The SMR update states that the patch improves protection against potential IMEI manipulation. On account of a device being stolen, criminals will be able to take advantage of this vulnerability to bypass the IMEI blacklist to resell the stolen device."
 
mark7914 said:
This seems to be a fuss about nothing, in that the vulnerability means that if your device is stolen then it may be able to be resold a little more easily.

But once it's stolen you don't have it any more anyway, so it doesn't matter.

Am I missing something; is there more to this?
Click to expand...
Yes, the problem is that the vulnerability makes it more likely that the phone will be stolen in the first place, because it increases a thief's incentive to steal it, either by stealth or (more straightforwardly) by force. The incentive is multiplied by the phone's high price.

The chance of theft may still be small for a given individual, but the number of thefts would predictably increase substantially because of the vulnerability, if it weren't fixed promptly.
 
you can brick your phone remotely using your google account if its stolen. If its online security youre worried about use a VPN..
 
You must log in or register to reply here.

Similar threads

R
new note 9, android update
Replies
37
Views
10K
Samsung Galaxy Note 9
gray2018
gray2018
A
Samsung A20 - Android 11 with Odin
Replies
0
Views
3K
Samsung Galaxy A Series
andunn31
A
Russel Shouse
My new flip 3 256g thoughts.
Replies
4
Views
2K
Samsung Galaxy Z Flip 3
ThrottleJohnny
ThrottleJohnny
Casualballer
LG getting an undeserved bad rap.
Replies
15
Views
3K
LG G8 ThinQ
Morty2264
Morty2264
Gayle Lynn
Severe PNG issue
Replies
1
Views
3K
Samsung Galaxy S9 & S9+
Rukbat
Rukbat

Latest posts

Trending Posts

Members online

Total: 5,945 (members: 8, guests: 5,937)

Forum statistics

Threads
955,512
Messages
6,965,009
Members
3,163,300
Latest member
EmilyGraceSeville7cf

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom