INVASION of the UNDEAD ANDROIDS: Hackers can pwn 'nearly all' devices

A four-year-old Android bug could be used to plant malware on 99 per cent of Android devices on the market, according to security researchers. Bluebox Security CTO Jeff Forristal said the vulnerability in Android’s security model creates a means for hackers to modify an Android app's APK code without breaking its cryptographic …

COMMENTS

This topic is closed for new posts.

      1. Anonymous Coward

        Re: So the mechanism that mean to stop unauthorised changes to an app does not *work*

        Then buy a sim-free/payg phone.

        Then the network can't futz with your phone if they have never touched it.

        Want a subsidised phone rather than forking out 4-600 quid? Put up with the bloat.

        Incidentally in my experience where you can't remove stuff you can turn it all off and even remove the icon from your apps list.

        Our Samsungs and HTCs certainly seem to allow this.

  1. This post has been deleted by its author

  2. Charlie Clark Silver badge

    Strict liability

    for which the operators will not release a new version,

    Is the one like where car makers won't pay for recalls while they fix dodgy pedals, tyres, fuel lines, etc? All we need are a few customers ready to say "class action" and updates will be rolled out.

  3. Anonymous Coward

    Pwning an android is like stealing food from Lidl: one way or another you'll end up with sh*t on your breath.

  4. Anonymous Coward

    It's hard to keep track of all the problems with Android. It's not surprising given Google doesn't care about protecting users. They're just as interested as the bad guys in tracking you or slurping data off your phone. Android is such a ghetto.

  5. Greg J Preece

    Is it me, or does the Android logo, when given horns, look a lot like one of the imps from Zero Punctuation?

  6. Slx

    There's a major problem with getting Android updates out to end users because both manufacturers and carriers are in the middle of it and they can be ridiculously slow at pushing out updates.

    I have a HTC One and I'm still awaiting a 4.2.2 update that Three Ireland are "testing".

    OS updates need to get out quickly and plug security holes, that sadly isn't often the case with the way things are done in the Android ecosystem and it will inevitably cause some major problems, much like the lazy IT departments that continue to force users to run ancient versions of Internet Explorer because some clapped out piece of software uses it as a front end and then wonder why they got hacked.

  7. Anonymous Coward

    Not done yet

    After resisting the drive for tablets in the workplace due to;

    A. Not being convinced our use would add any productivity for the extra IT risk

    B. my conviction that there would be a major security issue with Android within the year.

    The jury is out on A and I still believe B, though I don't think this is it. I foresee something bigger and only have about six months to be proven wrong or right.

  8. R3D4C73D

    When will somebody finally sue the carriers for not updating the phones they sold with security flaws?

  9. Anonymous Coward

    Feet back to the ground

    So, the risk is that a legitimate app would be tampered with? So.. if I'm a villain and I want to take advantage.... hmm... so I somehow get the source code of a legit app. I add my own homemade or previously packaged back door, and then I just take advantage of the signature flaw, so my app still looks legit... cool. OK, now how do I make my victim install my especially seasoned app..? Course, all I have to do is break the Play store security or whatever system the original manufacturer has... and upload my espec... right... Hmm.. What the heck? If I can do that, why do I need a security flaw in the signature algorithm!!? ...OK, k. yes I put my especially seasoned app in my own especially seasoned website... cool!! ... Hmm, if I can convince any moron to download an app from my own especially seasoned website. What the heck!!?

  10. Anonymous Coward

    NSA_KEY

    Looks too neat to be accidental.

    Chinese flood world with Huawei kit...the Americans respond with the "ANDROID_KEY"

  11. Anonymous Coward

    Surprise!

    Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft.

    People need to give themselves a shake and stop using MS products!

    1. Simulacra75
      Facepalm

      Re: Surprise!

      Crawl back under your bridge, Eadon. There's a good little boy.

  12. Stuart 16
    Facepalm

    The big question is

    How will Eadon blame MS for this...?

    1. John Smith 19 Gold badge
      Unhappy

      Re: The big question is

      "How will Eadon blame MS for this...?"

      I think he just did.

      1. Anonymous Coward

        Re: The big question is

        Do not feed the trolls.

        Do not even acknowledge the existence of the trolls.

        That is all.

        fnord

  13. RyokuMas

    Yeah, what happened to Eadon while I've been out of things? I saw all his posts got deleted - did he finally get himself banned?

    1. Simulacra75
      Thumb Up

      @RyokuMas

      "Yeah, what happened to Eadon while I've been out of things? I saw all his posts got deleted - did he finally get himself banned?"

      Think he/she/it may have done so. Read an article about a week ago or so and he made some comment that was removed by a Moderator with the parting "you're out of here, have had enough" type message with it.

      1. Anonymous Coward

        Re: @RyokuMas

        Indeed, he went on another round of accusing people of being shills, accepting bribes etc.

        Straw that broke the camel's back I suspect rather than the single offense in question.

  14. Anonymous Coward

    You think it's bad *now* ...

    Just wait until someone writes a battery pwning trojan that overrides the built in failsafes (software I might add) and causes the batteries on thousands of phones to overcharge outside their narrow safety envelope.

    Can you say "Epidemic of spontaneous human combustion" ?

    AC

  15. thecapsaicinkid

    This whole scare is completely ridiculous. It's like saying, hosting a malicious .exe on a website could be used to exploit 100% of Windows PCs.
