1. Kwms's Avatar
    I wonder how/if the PRIV would fare any better....

    "The bad news? All it takes is opening a website containing the malicious code and an attacker can have full control of your phone, and do things like download additional apps without your interaction.

    The good news? Itís not out in the wild. Yet."

    A single malicious Chrome link is enough to give attackers control of your Android phone

    Posted via CB10
    11-13-15 08:31 AM
  2. PostMortem's Avatar
    The Priv would not fair well because that is an issue with Chrome, not the phone itself.

    Posted via CB10
    11-13-15 08:34 AM
  3. Kwms's Avatar
    Ummm, what do you mean by "not the phone itself?" isn't it allegedly hardened? So what exactly are we being sold?

    Don't bite off my head, I'm just throwing this and these questions out there for other knowledgeable folks to chime in.

    The Priv would not fair well because that is an issue with Chrome, not the phone itself.

    Posted via CB10


    Posted via CB10
    11-13-15 08:42 AM
  4. KermEd's Avatar
    Ummm, what do you mean by "not the phone itself?" isn't it allegedly hardened? So what exactly are we being sold?

    Posted via CB10
    Technically, what he is saying, is the phone isn't rooted. However the browser made by Google has an exploit.

    On Android, Chrome browser has access to lots of stuff - browsers need mass access to your phone. It can download files, run files, and access anything you can as a user. Moreover the browser has some special access too, GPS tracking, microphone, you name it.

    The hack let's any evil website have the same control over your phone that the browser does. They can install things. Delete files. All without you knowing, and DTEK wouldn't even notice this. But it's not rooted at the OS, just an exploit that lets a hacker access your phone to the same level you do by using a browser that BlackBerry has no control over.

    I alluded to this risk in the past when people complained about the security of Flash on mobile but neglected to identify the bigger JavaScript threat. Flash was sandboxed from the browser, they would have had to hack both layers to break through. With HTML5 and current JS, they only have to hack one.

    ... and it isn't fixed yet. And the exploit will affect the Priv. And it will affect the Android Runtime on BB10 - although to a much lower extent thanks to sandboxing - if you ever use Chrome on it.

    Posted to CB via my Passport | Lloyd Summers | FileArchiveHaven
    Last edited by KermEd; 11-13-15 at 09:49 AM.
    11-13-15 09:30 AM
  5. Kwms's Avatar
    Well said. Just wanted someone to put it out there. Excellent.

    Technically, what he is saying, is the phone isn't rooted. However the browser made by Google has an exploit.

    On Android, Chrome browser has access to lots of stuff - browsers need mass access to your phone. It can download files, run files, and access anything you can as a user. Moreover the browser has some special access too, GPS tracking, microphone, you name it.

    The hack let's any evil website have the same control over your phone that the browser does. They can install things. Delete files. All without you knowing, and DTEK wouldn't even notice this. But it's not rooted at the OS, just an exploit that lets a hacker access your phone to the same level you do by using a browser that BlackBerry has no control over.

    I alluded to this risk in the past when people complained about the security of Flash on mobile but neglected to identify the bigger JavaScript threat. Flash was sandboxed from the browser, they would have had to hack both layers to break through. With HTML5 and current JS, they only have to hack one.

    ... and it isn't fixed yet. And the exploit will affect the Priv. And it will affect the Android Runtime on BB10 - although to a much lower extent thanks to sandboxing - if you ever use Chrome on it.

    Posted to CB via my Passport | Lloyd Summers | FileArchiveHaven


    Posted via CB10
    KermEd likes this.
    11-13-15 10:15 AM
  6. howarmat's Avatar
    11-13-15 10:27 AM

Similar Threads

  1. Sales number vs. Number of Downloads
    By jonty12 in forum BlackBerry Priv
    Replies: 58
    Last Post: 11-14-15, 09:15 PM
  2. Priv Stock Apps on ANY android!!!Available.
    By Belal Hussein in forum BlackBerry 10 OS
    Replies: 10
    Last Post: 11-13-15, 08:44 AM
  3. What is in the Device/misc/android folder in the File Manager?
    By janiksomaiya1 in forum General BlackBerry News, Discussion & Rumors
    Replies: 2
    Last Post: 11-13-15, 05:47 AM
  4. New Android exploit can hack any handset in one shot
    By ssbtech in forum BlackBerry Priv
    Replies: 3
    Last Post: 11-13-15, 02:18 AM
  5. Replies: 1
    Last Post: 11-13-15, 12:24 AM
LINK TO POST COPIED TO CLIPBOARD