Calling Carl Sagan
"Check Point claimed the vulns affected billions of devices."
Shouldn't that have been "beeellions"? Or even "beeellions and beeellions"?
Over-the-air provisioning is the latest attack vector threatening your innocent Android mobe, according to Check Point today. The Israeli threat intel biz reckons that a single malicious SMS can pwn a targeted device, allowing an attacker to do such nefarious things as intercepting emails, text messages and so on. "Given the …
"Check Point claimed the vulns affected billions of devices. While possibly true from a theoretical point of view back in March when discovered, the majority of those will have incorporated the patches, either through routine updates or updates pushed (legitimately) from mobile networks."
Do the numbers show that "the majority" of phones *get* updates?? Lots are out of the support range of the manufacturer or carrier.
You’ve confused SIM OTA that Gemalto describe with terminal OTA settings updates.
I believe Check Point are referring to terminal OTA settings updates.
The SIM OTA updates were previously breached by Karsten Nohl:
Agreed, this is the terminal settings. The OTA CP provisioning documents claim this about the SEC parameter: "The parameter specifies the security mechanism used (if it is not present, no security is used)."
It seems that Check Point is calling out manufacturers for following the specification, rather than highlighting the fact that the specification is faulty. This leaves you wondering if any handsets deviate from the specification in this area...
My Nokia 5.1 updated this morning
Now if only Nokia would fix their annoying battery management tech which decides to kill off any apps in the background to save battery life, but is not configurable, so your messaging apps get killed off and you don't receive notifications unless you have them opened all the time.
Indeed. While my current phone - a refurbished Samsung Galaxy S6 - has on occasion received updates, most of the ones I've had in the past never did. That includes various new and refurbished models from Samsung, Sony, Asus, and LG. I don't buy from the carrier, and I use an MVNO; that sort of arrangement apparently orphans most models.
Google botched the Android update process by leaving it to manufacturers to package updates, and carriers to make them available. That's the long and short of it.
Biting the hand that feeds IT © 1998–2019