1. Fernando Martin's Avatar
    November 9th, 2015

    Millions of Android Devices Vulnerable to Remote Hijacking: Baidu Wrote the Code, But Google Made it Possible.
    read the full article at the Electronic Frontier Foundation Website.
    Superdupont 2_0 likes this.
    11-15-15 05:12 PM
  2. Superdupont 2_0's Avatar
    From the article "Fortunately for Google, this is an easy fix—just include Internet access as one of the permissions apps have to request in the next version of Android. Otherwise, Moplus SDK won't be the last major Android security catastrophe."

    Even the world's most secure OS BB10 never had the internet permission enabled, because....err, because... BB10 developers made zillions with ads in their apps (no, they didn't).
    Unlikely that Google will do this.
    11-15-15 05:27 PM
  3. nah.uhh's Avatar
    From the article "Fortunately for Google, this is an easy fix—just include Internet access as one of the permissions apps have to request in the next version of Android. Otherwise, Moplus SDK won't be the last major Android security catastrophe."

    Even the world's most secure OS BB10 never had the internet permission enabled, because....err, because... BB10 developers made zillions with ads in their apps (no, they didn't).
    Unlikely that Google will do this.
    Bbos had the Internet permission

    Might be forgetting a few.. 7280 >7290 > 8310 + 8130 + 8220 > 9000 + 8900 > 9700 + 9800 + 9100 > 9780 + 9810 + 9900 > playbook > z10 > PassportSQW100-1/10.3.2.2639
    11-15-15 05:36 PM
  4. Fernando Martin's Avatar
    From the article "Fortunately for Google, this is an easy fix—just include Internet access as one of the permissions apps have to request in the next version of Android. Otherwise, Moplus SDK won't be the last major Android security catastrophe."

    Even the world's most secure OS BB10 never had the internet permission enabled, because....err, because... BB10 developers made zillions with ads in their apps (no, they didn't).
    Unlikely that Google will do this.

    Well, thatīs not the same thing. Did you read the paragraphs below? Let me include them for you

    Last month, Chinese security researchers uncovered a security vulnerability in an Android software library developed by the Chinese search giant Baidu, and when it comes to security vulnerabilities, this one’s a whopper. It allows an attacker to remotely wreak all sorts of havoc on someone’s phone, from sending fake SMS messages to downloading arbitrary files to installing other apps without the user’s authorization.
    and

    The widespread deployment of the vulnerable software library makes things even worse. The library, known as the Moplus SDK, is used by over 14,000 separate Android apps. By some estimates, as many as 100 million unique Android devices were vulnerable. And that isn’t even the worst of it.

    Further investigation by researchers at Trend Micro showed that this wasn’t just the result of some security bug. The Moplus SDK was actually designed to do all the terrible things described above. That’s right: Baidu apparently actually built the capability into its SDK to remotely upload files, install apps, and trigger all sorts of other actions—and this capability existed on every device on which an app that contained the Moplus SDK library had been installed..
    and there is more.
    11-15-15 05:37 PM
  5. shabbs's Avatar
    Oh boy... c'mon Marshmallow...
    11-15-15 05:44 PM
  6. Fernando Martin's Avatar
    Bbos had the Internet permission

    Might be forgetting a few.. 7280 >7290 > 8310 + 8130 + 8220 > 9000 + 8900 > 9700 + 9800 + 9100 > 9780 + 9810 + 9900 > playbook > z10 > PassportSQW100-1/10.3.2.2639
    Itīs not just about internet permission. Read my reply above, and more importantly, read the full article. A remote attacker can take over your device.
    11-15-15 05:48 PM
  7. buwee's Avatar
    Fear mongering - maybe we should all just go back to using 2 tin cans and a tube for our communications LOL
    calicocat2010 likes this.
    11-15-15 06:03 PM
  8. shabbs's Avatar
    Fear mongering - maybe we should all just go back to using 2 tin cans and a tube for our communications LOL
    The internet is a series of tubez......
    11-15-15 06:12 PM
  9. zocster's Avatar
    Use Nokia clamshell!
    11-15-15 06:20 PM
  10. Fernando Martin's Avatar
    Fear mongering - maybe we should all just go back to using 2 tin cans and a tube for our communications LOL
    Itīs not fear mongering. I am just providing information. I guess you would rather not know?
    11-15-15 08:39 PM
  11. nokia4life's Avatar
    Itīs not fear mongering. I am just providing information. I guess you would rather not know?
    Didn't this come out a while ago it was on the newss and all Android bloggers and podcasters talked about this. Are you posting this to scare BB folks because anyone that even thinks about Android should have heard about this by now.
    buwee likes this.
    11-15-15 10:53 PM
  12. anon(2325196)'s Avatar
    My PRIV is not going to get arbitrarily hacked this way, ever! I guarantee it. LMAO, I'm just kiddin' 'round. But honestly, I actually trust BlackBerry with their security. Plus, I don't get spam at all, I don't click links in emails because I get no malicious emails with wacky links to begin with!!! HA! It's hard to click wacky linkage when it literally never makes it to my inbox. Even if it somehow made it, I'm seriously NEVER going to click some ret@rded linkage, and I don't use Chrome.

    The only links I be breakin' are Johnsonville!! HA!

    I'm referring to another widespread, catastrophic android security flaw involving links in emails.

    Posted via CB10
    11-16-15 12:01 AM
  13. qwerty4ever's Avatar
    Well, thatīs not the same thing. Did you read the paragraphs below? Let me include them for you



    and



    and there is more.
    Why does Google or anyone else trust a company in China? Time to shutdown Factory China and let the peasants kill their oppressive government. Maybe ISIL can attack China and then Russia would have an excuse to hand Beijing their genitals.

    BlackBerry Priv with CrackBerry App for Android
    11-16-15 12:17 AM
  14. Fernando Martin's Avatar
    Didn't this come out a while ago it was on the newss and all Android bloggers and podcasters talked about this. Are you posting this to scare BB folks because anyone that even thinks about Android should have heard about this by now.
    Actually, youīre incorrect sir, unless you mean a "while ago" to mean a week. You may be referring to a different exploit. The report was published November 9th of 2015. I donīt understand why so many people are getting defensive? I was just trying to provide information and to make sure Android users are aware. I was not trying to get people to ditch their Android devices. By the way, I own a Samsung Galaxy Note 4 with android.
    11-16-15 10:57 AM

Similar Threads

  1. Backspace sticks to deletion occasionally
    By rhitdoph in forum BlackBerry 10 OS
    Replies: 5
    Last Post: 01-16-16, 02:57 PM
  2. Why we cannot update Priv OS over BB 10 running devices?
    By Ginni Singh1 in forum BlackBerry Priv
    Replies: 19
    Last Post: 11-27-15, 09:42 AM
  3. How to force 4g only
    By FinnBerry in forum BlackBerry 10 OS
    Replies: 9
    Last Post: 11-17-15, 08:25 AM
  4. Odd behaviour relating to screen lock on my priv
    By ci00aaj in forum BlackBerry Priv
    Replies: 2
    Last Post: 11-16-15, 02:31 AM
  5. What is the best app to manage mp3 songs?
    By CrackBerry Question in forum BlackBerry OS Apps
    Replies: 2
    Last Post: 11-15-15, 04:02 PM
LINK TO POST COPIED TO CLIPBOARD