Recent Android update likely fixed serious security flaw

July 31, 2009 | by Andrew Kameka

The Android firmware update sent out to T-Mobile phones recently seemed pretty boring since no one noticed any new features. It was quickly discovered to be a security patch and it seems the Android world may now know exactly what the update protected us from.

Two security researchers discovered a flaw in Android and iPhone devices that leave both operating systems vulnerable to denial of service attacks. By sending difficult-to-manage SMS messages, researchers were able to exploit a bug in the Android system and prevent the phone from accessing the network.

“The bug is similar to the second iPhone bug in the way that it kills the telephony process(com.android.phone) and thus kicks the Android device from the mobile phone network,” the researchers said. “On Android the bug is a little more interesting since it will permanently kick the target device off the network if the SIM card residing in the phone has a PIN set.”

Wow. That update doesn’t seem so boring now.

At the Black Hat Security Conference in Las Vegas yesterday, Charlie Miller and Collin Mulliner, the aforementioned researchers, explained how they exploited the bug. Creating an “injector” in the phone’s process allowed them to block communication to the point that a network connection became impossible. That essentially meant they could have sent a text message to a phone and caused serious damage.

Google has confirmed that the security flaw has already been addressed, likely in the recent OTA update.

[Information Week]

firmware, OTA, security, T-Mobile, updates

5 Comments

tunnie says:

July 31, 2009 at 9:30 am

I updated my Magic yesterday, was this the update? My handset is branded Voda, but i am using my O2 SIM. Are the updates automatically picked up from the market? So what network your on should not matter? I hope!
tunnie says:

July 31, 2009 at 9:30 am

I updated my Magic yesterday, was this the update? My handset is branded Voda, but i am using my O2 SIM. Are the updates automatically picked up from the market? So what network your on should not matter? I hope!
Sebastian says:

July 31, 2009 at 11:42 am

A Bug, really? YESSSSSSSSS … Sometimes I look at my phone in the morning and it asks for the PIN, seemed to me, that is has restarted due to whatever, but obviously it cannot reconnect tot the network …
Wholesale NFL says:

December 25, 2009 at 1:10 am

In every sport that we like, we do have our own desired players and beloved teams that we prove so much. We examine all their sport and cheer them on when they get a tally. We also tend to shout motivational cheers when they play awfully. We even buy posters, auburn mugs, t-shirts, jerseys and other stuffs containing the players names and the name of the bunch that we dearest so much. This is how most of the sports fans espousal their well-loved sports icons and teams. Sports fans most specifically buy jerseys in blanket. Wholesale NFL jersey are in deed very salable to most of the football fans not only in the United States of America but in the entire world, as well. Buying general NFL jerseys is very advantageous because this is one way of receiving these jerseys in a cheaper prices. This way, fans may be able to buy as many jerseys as they can.
Android and Google says:

February 22, 2010 at 5:21 pm

There's an impressive amount of shipment statistics relating to Android. It does sound technologically exciting but the bugs sound like a teething problem- it happens. =) Sarah

Android Apps and News

Thoughts on the Samsung Galaxy S 4 and Unpacked 2013

Diztronic case review for LG Nexus 4

Why I decided to purchase the Nexus 4

Samsung Galaxy Note 2 - Verizon Remix Version

HTC DROID DNA Review

Samsung Galaxy Note II Review

Android News