Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacking Team's RCS Android May Be the Most Sophisticated Android Malware Ever Exposed

Posted by Soulskill on from the productive-payloads dept.

An anonymous reader writes: As each day passes and researchers find more and more source code in the huge Hacking Team data dump, it becomes more clear what the company's customers could do with the spyware. After having revealed one of the ways that the company used to deliver its spyware on Android devices, Trend Micro researchers have analyzed the code of the actual spyware: RCS Android (Remote Control System Android). Unsurprisingly, it can do so many things and spy on so many levels that they consider it the most sophisticated Android malware ever exposed. The software can, among other things, gather device information, capture screenshots and photos, record speech by using the devices' microphone, capture voice calls, record location, capture Wi-Fi and online account passwords, collect contacts and decode messages from IM accounts, as well as collect SMS, MMS, and Gmail messages. Hacking Team says it sold its surveillance and intrusion software strictly within the law.

92 comments

  1. Whose law? by Noah+Haders · · Score: 3, Interesting

    Sold malware within the limits of the law? Whose law? Not my law. By my law a man looks another man in the eye before stabbing him in the heart, and doesn't sneak up on him to stab him in the back.

    1. Re:Whose law? by ArcadeMan · · Score: 2

      Sold malware within the limits of the law? Whose law?

      Brannigan's Law.

      --
      Get free satoshi (Bitcoin) and Dogecoins
    2. Re:Whose law? by ArcadeMan · · Score: 2

      Every time I read the word "law" now, I replace it with "injustice".

      --
      Get free satoshi (Bitcoin) and Dogecoins
    3. Re:Whose law? by Opportunist · · Score: 1

      Something being with in the law doesn't make something right or just.

      It only makes it legal.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Whose law? by mlw4428 · · Score: 2

      The law of the country in which the company was based. Your personal law means diddly squat. By my law men name Noah are cast to the wolves as food. Noah, what a dumb name.

    5. Re: Whose law? by Anonymous Coward · · Score: 0

      The same definition that politician uses (anything I do is legal, anything you do is illegal)

    6. Re:Whose law? by SharpFang · · Score: 3, Interesting

      There are countries (including the US) that do consider certain acts committed outside of their borders, not by their citizens, that only indirectly affect their country or citizens, as full crimes, to be persecuted and the guilty to be extradited, regardless of laws of the countries where these "crimes" were committed.

      So, if given country has a law against aiding unauthorized entities from spying on their citizens, and the firm sells the software to these entities, it is committing a crime. And while extradition or direct consequences are unlikely, they are not impossible, especially if employees of the firm ever visit the country in question.

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    7. Re:Whose law? by JaredOfEuropa · · Score: 1

      Spot on.
      Note to government: you may be my accountant, my arbiter, my bodyguard and my insurance agent, but you are not my dad. Stop acting like it.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    8. Re:Whose law? by disposable60 · · Score: 1

      Sold malware within the limits of the law? Whose law?

      Cole's Law

      / thinly sliced cabbage, rice wine vinegar, a dab of (Duke's) mayo.

      --
      You're looking for quotes? See my journal.
    9. Re:Whose law? by Phreakiture · · Score: 1

      to be persecuted

      Normally, one would use the word "prosecuted" here . . . but I like this version.

      --
      www.wavefront-av.com
    10. Re:Whose law? by fluffynuts · · Score: 1

      My laws say "no stabby".

      Heart, back, dick, I don't care. NO. STABBY.

  2. Ok, so... by Anonymous Coward · · Score: 2, Insightful

    Awesome. So when's the patch coming out?

  3. Not really. by Anonymous Coward · · Score: 0

    Something that runs as root/administrator has access to all that data, no surprise. Maybe you mean the fact that somebody programmed a way to retrieve and view it all as the accomplishment, all that took was time for somebody to do it all.

    1. Re:Not really. by JustAnotherOldGuy · · Score: 1

      Lol, I know, so shocking, isn't it?

      "You mean the ADMIN account can do ANYTHING?? OMG OMG OMG!"

      --
      Just cruising through this digital world at 33 1/3 rpm...
  4. Re:Bring-on the Apple haters by xxxJonBoyxxx · · Score: 2

    >> if security and privacy are a concern, maybe iPhone isn't really such a bad option

    Dude, is Google down today? http://lmgtfy.com/?q=iphone+ma...

    Then look up WireLurker. Then MASQUE-D. And if you jailbreak a phone, pretty much all bets are off.

  5. Being within the law doesn't make it right by Opportunist · · Score: 4, Insightful

    Killing Jews was strictly within the law of Nazi Germany.

    What is wrong is wrong. Within the law or outside of it, there are certain things that make you an asshole when you do it.

    Supporting oppressive regimes is such a thing. Yes, it's legal to deal with them. Yes, it's legal to sell them your shit. Yes, you're still an asshole for doing so. A legal asshole if you want to, but at the end of the day, you're still just full of shit and nobody wants to touch you.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Being within the law doesn't make it right by wbr1 · · Score: 1

      However, within an individuals social connections, that rarely comes into play. The buddies these developers bowl, and drink beer with just know they are in IT or software development. there is no uniform that says look at me.. I am a dbag and sell spy tools to asshole countries.

      --
      Silence is a state of mime.
    2. Re:Being within the law doesn't make it right by macs4all · · Score: 1

      Yeah but fuck the jews.

      I'm not even Jewish; but I double-dog dare you to sign-on and say that.

    3. Re:Being within the law doesn't make it right by Opportunist · · Score: 1

      No, but these douchebags now ruin it for the rest of us. So far that whole shit didn't hit mainstream media too hard, but when it does, do you think that you could sensibly tell anyone anymore that you're in ITSEC? People will treat us like we're working for the fucking Stasi or something.

      And that alone is enough for me to want them kicked in the nuts, hard and repeatedly. Fuck, I'd do it myself if those fuckers weren't even worth a nanosecond of jail time.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Being within the law doesn't make it right by Anonymous Coward · · Score: 0

      Only if they are hot!

    5. Re:Being within the law doesn't make it right by painandgreed · · Score: 1

      Killing Jews was strictly within the law of Nazi Germany.

      I would not bet on that. While Germany and Germans may have been pedantically detail oriented and had a desire to fulfill the letter of the law, the NAZI party never really had those habits. Even after it was technically legal for Hitler to write up any law he wanted, he often didn't bother. They would write up laws that sounded good to the German people and announce them, and then promptly ignore and break them. Anybody asking too much about the legality of their actions usually found themselves threatened with extra-judicial punishment.

      In D&D terms, they were a Chaotic Evil group in charge of a Lawful country. They developed propaganda to the art it became just so they could lie to the country to get away with all the illegal stuff they did. When they took over the labor unions, they did not even make up ex post facto laws to put the former union leaders in jail (even the ones that worked with the NAZIs), they just made up a list and sent them to camps, confiscated their money, and told everybody they now belonged to the new nationalized labor union they created.

    6. Re:Being within the law doesn't make it right by q4Fry · · Score: 1

      How do I mod +1 Troll?

  6. BEEP BEEP - Update? Why? by Anonymous Coward · · Score: 0

    "The spyware is delivered either via the aforementioned app, or via an SMS or email that contain a specially crafted URL that will trigger exploits for several vulnerabilities in the default browsers of Android versions 4.0 Ice Cream Sandwich to 4.3 Jelly Bean."

    You are fucked. Either root your own device and upgrade to a new version/custom rom or just live with the fact that you will always stay vulnerable, at least until your next phone purchase.

    Thank the phone carries going forward for their forward thinking.

  7. A request ... by gstoddart · · Score: 4, Insightful

    Hey, if there's any angry hackers out there, will someone please ruin these assholes lives?

    Because if anybody deserves to be fucked with by the internet, it's these clowns.

    kthanksbye

    --
    Lost at C:>. Found at C.
    1. Re: A request ... by Anonymous Coward · · Score: 0

      Not me. It's all part of the game. I must to respect a fellow player's wins. Now if I'm the target of their hack, for sure they will be my target.

    2. Re:A request ... by wbr1 · · Score: 2

      Given this data dump I would say someone has and is probably still trying to.

      --
      Silence is a state of mime.
  8. Not out of the ordinary by Hall · · Score: 2

    Sounds like a lot of different Android apps. The Facebook app can do most of the same things, as can Chrome, and so on....

    1. Re:Not out of the ordinary by Anonymous Coward · · Score: 0

      The difference being, you actively installed those apps and explicitly gave them those permissions. Not the same boat, not even the same ocean.

    2. Re:Not out of the ordinary by Anonymous Coward · · Score: 0

      Have you been watching the news these days? Cops can and do shoot innocent people. There seems to be a death or two every weekend.

    3. Re: Not out of the ordinary by Anonymous Coward · · Score: 0

      They aren't innocent. They are guilty of WWB (walking while black)

    4. Re:Not out of the ordinary by macs4all · · Score: 1

      The difference being, you actively installed those apps and explicitly gave them those permissions. Not the same boat, not even the same ocean.

      Blame the User. The last bastion of the technically-challenged.

      In case you didn't notice: The percentage of Android Users that are up to par with the likes of people who frequent Slashdot or Stack Overflow, etc. is vanishingly small. So, simply dismissing those people with a conceited and immature wave-of-the-hand is most unhelpful to the entire Android "community".

      You want people to start flocking to iOS? Keep that attitude up, asswipe.

  9. Check-up tool? by wardrich86 · · Score: 2

    Is there a tool to check and see if you've been infected?

    1. Re:Check-up tool? by barbariccow · · Score: 1

      A virtual pitri dish.

  10. MOOOoooooove over Android by Anonymous Coward · · Score: 0

    Just another shitty day on a shitty phone OS

  11. Re:Bring-on the Apple haters by Anonymous Coward · · Score: 2, Informative

    Jailbroken iDevices are totally irrelevant. There have been zero exploits on non-JB devices that are widespread.

    Also, Android isn't that insecure. A rooted Android device is just as secure as an unrooted one, assuming the user doesn't click "allow" on the su dialog. In fact. the latest su app won't allow apps to ask for root access unless the install permissions have PERMISSION_SUPERUSER present in the app manifest.

    However, Android does have a permission model that is all or nothing, where a fleshlight app can ask for everything under the sun and there is no "allow, but not with those permissions" available.

    Well, unless one downgrades to 4.x and uses XPrivacy, which solved the job quite well, as good, if not better than PMP on Cydia.

  12. Re: Bring-on the Apple haters by Anonymous Coward · · Score: 0

    Check out App Ops... granular permissions (kinda) on Android.

  13. Re: Bring-on the Apple haters by Anonymous Coward · · Score: 0

    Walled garden no bugs or exploits. It only means now you're even more dependent on a company to fix the exploits and bugs because it's much harder to find workarounds or fix them yourself.

  14. Android's stock browser MUST be removed by emil · · Score: 3, Interesting

    The stock browser is a primary avenue of exploit for this malware. Stock lives in /system where it is installed read-only.

    This was a colossally foolish thing to do. Browser libraries, executables, and sundry components MUST retain the ability to receive patches.

    LD_LIBRARY_PATH should point to /data/lib, then resolve to /system/lib only if an override library is not installed, allowing update capability for stock webkit.

    1. Re:Android's stock browser MUST be removed by macs4all · · Score: 1

      The stock browser is a primary avenue of exploit for this malware. Stock lives in /system where it is installed read-only.

      This was a colossally foolish thing to do. Browser libraries, executables, and sundry components MUST retain the ability to receive patches.

      LD_LIBRARY_PATH should point to /data/lib, then resolve to /system/lib only if an override library is not installed, allowing update capability for stock webkit.

      Wow!!! You mean that intrinsic APPS can't even be UPDATED on Android without updating the OS???

      Wow. Just. Wow.

      What? Did an eight-year-old write Android? Is that why it has that ridiculous, childish name? Why not just call it "Buzz Lightyear" and be done with it?

    2. Re:Android's stock browser MUST be removed by zedaroca · · Score: 1
      I'm really curious about your opinion on Apple device's names.
      Do you think that calling something "i" as in "myself" plus "general name for the product" isn't ridiculous? Why not? Do you perceive it as mature (adult-like)?

      How would you rank the ridiculousness of the names Microsoft, Apple and Google? And of Windows, iOS and Android? How would they rank in childishness? Why? Do you make other comparisons to justify them?

      Since I'm not an Apple fan, I rationalize in ways to criticize them, like you did with buzz lightyear - that I honestly think was an interesting critic. My critic usually goes on the idea that as people grow up they should stop being self-centric, so putting I in front of stuff is less mentally evolved. If you care to respond, thanks.

    3. Re:Android's stock browser MUST be removed by Anonymous Coward · · Score: 0

      Wow!!! You mean that intrinsic APPS can't even be UPDATED on Android without updating the OS???

      Wow. Just. Wow.

      You mean just like iOS? Ever seen a Safari update outside an OS update? Mail? Messages? Shall I go on?

      What? Did an eight-year-old write Android? Is that why it has that ridiculous, childish name? Why not just call it "Buzz Lightyear" and be done with it?

      Pot, kettle. Black. macs4all, you're a notorious flamer and troll around here, but even I am perplexed at this post of yours. Normally your unwavering defense of all things Apple is at least rooted in some understanding of the underlying technology, even if misguided. But this is horrifically bad if you honestly think iOS is different from Android in this regard.

    4. Re:Android's stock browser MUST be removed by macs4all · · Score: 1

      Do you think that calling something "i" as in "myself" plus "general name for the product" isn't ridiculous? Why not? Do you perceive it as mature (adult-like)?

      LOL!

      The "i" prefix on Several Apple products in the late 1990s and early 2000s is not indicative of the personal pronoun "I" (notice the capitalization), as in "I, Robot", but rather, the "i" in "Internet" (small "i"). Silly as it seems now, the fact that, in 1999, you could take an iMac (the first "i" Product") out of the box and connect (via dialup, using the iMac's built-in MODEM) to the interwebs in two easy steps in about five minutes was quite a revelation. Apple even had a popular TV ad and a catchphrase ("There is no step 3") revolving around this.

      After the iMac single-handedly put Apple back on the map (and launched the USB peripheral industry), Steve Jobs and Apple used the name recognition of the "i" in "iMac" to cause consumers to identify "i" products as Apple products. And Apple products were (and are) "cool" products in the eyes of most consumers. Not making any judgments here, just observations. And the fact that, to this day, many, many other companies have named goods and services with the "i" prefix, despite Apple's efforts to the contrary, clearly shows the power of that simple, one-character "branding".

      Of course, all successful marketing gimmicks eventually become a caricature of themselves, and so Apple has all-but abandoned the iconic "i" prefix on newer product lines, such as the Apple Watch. But as brand-identity goes, that little "i" has served Apple QUITE well; but it has nothing to do with conceit ("I, Phone!"), but rather, harkens back to a time when painless internet connectivity was a big selling feature.

    5. Re:Android's stock browser MUST be removed by macs4all · · Score: 1

      Wow!!! You mean that intrinsic APPS can't even be UPDATED on Android without updating the OS???

      Wow. Just. Wow.

      You mean just like iOS? Ever seen a Safari update outside an OS update? Mail? Messages? Shall I go on?

      What? Did an eight-year-old write Android? Is that why it has that ridiculous, childish name? Why not just call it "Buzz Lightyear" and be done with it?

      Pot, kettle. Black. macs4all, you're a notorious flamer and troll around here, but even I am perplexed at this post of yours. Normally your unwavering defense of all things Apple is at least rooted in some understanding of the underlying technology, even if misguided. But this is horrifically bad if you honestly think iOS is different from Android in this regard.

      I will agree that it is pretty-much unheard of for Apple to update intrinsic iOS Apps outside the auspices of an OS Update, they instead will often "spawn" an iOS "point-release" update for the SOLE (or at least primary) purpose of updating an intrinsic app or framework. What you are suggesting is that Apple only updates things on major iOS version-changes. By comparison, there is absolutely NO history of a "Jelly Bean.1" in the Android ecosystem. None. And Apple DOES, on occasion, but very rarely, update iOS Apps without an OS update; however, I admit they tend to simply spawn "Point Releases" of iOS instead.

      And on OS X, they update included Applications and Frameworks ALL the time without waiting for even a minor "Point Release" of OS X.

    6. Re:Android's stock browser MUST be removed by zedaroca · · Score: 1

      I'm really curious about your opinion on Apple device's names.

      It was an informed opinion.
      Thanks. Very interesting. Would mod you up if I could.

    7. Re:Android's stock browser MUST be removed by macs4all · · Score: 1

      I'm really curious about your opinion on Apple device's names.

      It was an informed opinion. Thanks. Very interesting. Would mod you up if I could.

      And thank YOU for allowing facts to sway your opinion. So rare on Slashdot!!!

    8. Re: Android's stock browser MUST be removed by LordNightwalker · · Score: 1

      Not sure how it works under the hood as I've never cared for it on that level of detail, but system apps do receive updates on Android. I assume they come in the form of binary overlays, as you have the option of uninstalling them, while this option is denied you for the actual app. Uninstalling the updates reverts the app to its original feature set. And replying out of band here, but w.r.t. the i-naming for Apple products: never knew it stood for Internet (also should've been capitalised then), but whatever their reasons, it sure was catchier than prefixing everything with "mac". But in those days there was a lot of i-this, e-that, v-the-other-thing and x-whatever going on... For some reason only the i survived... Those guys in Cupertino know their marketing...

      --
      Install windows on my workstation? You crazy? Got any idea how much I paid for the damn thing?
  15. Hacking Team description by ITRambo · · Score: 1

    A bunch of soulless, fascist fucks that have proven that they deserve to live in Guantanamo Bay as honored guests, like the rest of the terrorists residing there.

    1. Re:Hacking Team description by Anonymous Coward · · Score: 0

      A bunch of soulless, fascist fucks that have proven that they deserve to live in Guantanamo Bay as honored guests, like the rest of the terrorists residing there.

      Like the staff of guards there? Torturing people until they are only capable of a wailing howl which the staff calls the soul that's leaving the body? Reminds me of witch trials: Can survive under water: A witch. Didn't survive: Ups.

  16. Great for Framing by Anonymous Coward · · Score: 0

    This is great for framing people you do not like. Hack their phone, upload some child porn to the device, then phone in an anonymous tip that you saw the victim looking at questionable content on his phone. Leave the back door around long enough to help unlock the device if the victim decides to lawyer up and make it difficult for the cops to get in.

  17. Any good honeypot software for smart phones? by Anonymous Coward · · Score: 0

    I know there is for the PC, I'd like to see if I can catch some bitch trying to hack my phone. Thanks.

  18. Ha ha by JustAnotherOldGuy · · Score: 2

    Never have I been so happy to have an old, old Nokia phone that can't load apps, doesn't run on iOS or Android, and is pretty much immune to all of this fancy hacker-bullshit. Yeah, maybe I'm a throwback, but at least I'm not worried about having my phone cornholed by some crap-ass company or hacker.

    No, I can't watch movies on my phone (that's what I have a TV for, hello?) and no I can't find out the temperature on Mars, but guess what? I don't want to.

    I want to 1) make calls, 2) take calls, and 3) maybe take a picture now and then. Trying to hack my phone would be an exercise in frustration, lol. :)

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Ha ha by AuMatar · · Score: 1

      Actually, all those phones have J2ME embedded and do allow downloading of apps. Its probably more exploitable due to age and lack of updates than a secured modern smartphone. There's just not enough of you in rich enough countries to bother.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    2. Re:Ha ha by barbariccow · · Score: 1

      I have a modern dumbphone. They still make them. They don't want you to buy them because they don't use any data, but they're there. Mines survived getting ran over. Try running over a smartphone :)

    3. Re: Ha ha by nehumanuscrede · · Score: 1

      From a fellow old guy, I guarantee you my next phone is going to be just like yours.

      It makes phone calls. Period.

      To hell with Androids, Iphones and the rest. Tired of this bullshit.

    4. Re:Ha ha by JustAnotherOldGuy · · Score: 1
      > Its probably more exploitable due to age and lack of updates than a secured modern smartphone.

      I sincerely doubt that. I can barely get it to connect to the Nokia site. And from what I can tell, java won't run on this dinosaur. If a hacker manages to crack my phone he deserves an award. Unfortunately all he's likely to get are some blurry pics of my driveway.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    5. Re:Ha ha by AuMatar · · Score: 1

      I've written apps for them. It plays Snake? What do you think Snake is written in?

      --
      I still have more fans than freaks. WTF is wrong with you people?
  19. Are we supposed to be surprised? by Overzeetop · · Score: 3, Interesting

    A dedicated, full time, paid set of software (and, presumably) hardware professionals with tens (or hundreds) of millions in revenue/funding with no fear of prosecution have managed to create effective software which uses exactly the same features that are available to the OS and app developers to collect data and phone home on the sly, while avoiding detection by people who are - mostly - entirely ignorant of the underlying system.

    This is funded by the same people who can press a button and put a thousand pounds of high explosives, literally, through the front door of a building a thousand miles away in under 120 minutes, or 500lbs from 300 miles away in under 10 minutes.

    It would be a story if they couldn't. (actually, it wouldn't - we'd call them typical incompetent government contractors).

    --
    Is it just my observation, or are there way too many stupid people in the world?
  20. Re:Bring-on the Apple haters by 0123456 · · Score: 2

    Walled garden makes no difference, as this apparently exploits old Android bugs to install itself.

    The big difference is that Apple continues to support old devices with new versions of the operating system until the hardware becomes too outdated to run it. Android devices are lucky if they get two upgrades before the carrier or manufacturer declares them done.

    And, yes, that's one reason I'm expecting to dump Android for Apple when Google stop supporting my Nexus tablet.

  21. Re:Bring-on the Apple haters by Anil · · Score: 1

    Apple's user base is pretty large. And there have been multiple malwares created for iOS, for example WireLurker.

  22. Psssh.. my flash light app can do all that ... by Hohlraum · · Score: 5, Funny

    ;)

  23. Re: Bring-on the Apple haters by ewanm89 · · Score: 1

    How do you think you perform the jailbreak? Oh right you use an exploit. I remember the iPhone 3G had a website called let me jailbreak that for you. As for vl permissions, there is appops in android but you'll need to root to use it. At least 'till Android M is released.

  24. Re:Bring-on the Apple haters by 0123456 · · Score: 1

    Apple's user base is pretty large. And there have been multiple malwares created for iOS, for example WireLurker.

    Which apparently requires you to download a trojan onto your OSX machine, then plug your iPhone into it. Not exactly quite so easy as auto-installing when you browse a URL with a vulnerable version of Android because your phone carrier won't let you upgrade it.

  25. Re:Bring-on the Apple haters by Bing+Tsher+E · · Score: 1

    I know this is off topic here, but my phone gets it's Windows 10 upgrade sometime next week.

  26. Re:Bring-on the Apple haters by Krojack · · Score: 1

    However, Android does have a permission model that is all or nothing, where a fleshlight app can ask for everything under the sun and there is no "allow, but not with those permissions" available.

    This is changing in Android M

  27. Re:Bring-on the Apple haters by Krojack · · Score: 2

    Walled garden makes no difference, as this apparently exploits old Android bugs to install itself.

    The big difference is that Apple continues to support old devices with new versions of the operating system until the hardware becomes too outdated to run it. Android devices are lucky if they get two upgrades before the carrier or manufacturer declares them done.

    And, yes, that's one reason I'm expecting to dump Android for Apple when Google stop supporting my Nexus tablet.

    Apple does stop supporting. My (no longer used) iPad is stuck on iOS 5.x.

    Personally I believe device manufactures should be held accountable for not pushing OTA updates to patch security exploits. At least for x number of years after releasing a device or Google stops patches for that version of Android. This is one reason I moved to a Nexus 6 from a Samsung Note 2. I was considering a Note 4 but I hate always being 2 versions behind in Android versions. Samsung claims they are working on 5.0.x for the Note 2 but if and when they push it out, Android M (5.2?) will be out. Sure I was already running 5.1 because I root. That's not the point. The point is that these companies being slow at pushing out OS updates is whats keeping so many people's devices at risk.

  28. why? by Anonymous Coward · · Score: 0

    Why call it secure?
    Ssl is broken, most if naught all security measures that were created many years ago are broken.
    These mechanisms were created many years ago.. MANY!!! As a result, tech has caught up now and all of these methods are crap..
    I find it funny that many people try to sweep it under the "rug" but we are here now..
    What ya going to to about it?

  29. Re:Bring-on the Apple haters by barbariccow · · Score: 1

    where a fleshlight app

    Woah! They have an app? Is there an external attachment too?

  30. Re:Bring-on the Apple haters by macs4all · · Score: 1

    >> if security and privacy are a concern, maybe iPhone isn't really such a bad option

    Dude, is Google down today? http://lmgtfy.com/?q=iphone+ma...

    Then look up WireLurker. Then MASQUE-D. And if you jailbreak a phone, pretty much all bets are off.

    WireLurker looks to be pretty nasty, that's for sure. But it's also only on a GreyWare "App Store", NOT available through legit channels.

    And MASQUE-D is such a threat (NOT!) that I had to try two different search terms to even FIND a reference on Google. Plus, it again is a Trojan, that has to entice the user to install it from a non-legitimate "App" site.

    And as far as JailBreaking your iOS device, you get what you deserve, period.

    So, thanks for proving the point that the "Walled Garden" actually WORKS. If you want to spend the extra effort to step outside into the Methane-Gas atmosphere, then don't complain when you start choking...

    Next!

  31. Re:Bring-on the Apple haters by macs4all · · Score: 1

    fleshlight app

    What does that do, exactly?

  32. Re:Bring-on the Apple haters by macs4all · · Score: 1

    However, Android does have a permission model that is all or nothing, where a fleshlight app can ask for everything under the sun and there is no "allow, but not with those permissions" available.

    This is changing in Android M

    Too bad that pretty much EVERYONE who owns an Android device currently will have to:

    1. Wait a YEAR while all the Carriers re-infect it with THEIR Malware, er, Extra Features.

    2. THROW AWAY their Current Android Device, the BUY ONE WITH Android "M".

  33. Re: Bring-on the Apple haters by Anonymous Coward · · Score: 0

    There was the exploit where you hold the power button while performing another task and it bypassed the lock screen. Apple is not immune to bugs, no matter what you think.

  34. Re: Bring-on the Apple haters by macs4all · · Score: 1

    Walled garden no bugs or exploits. It only means now you're even more dependent on a company to fix the exploits and bugs because it's much harder to find workarounds or fix them yourself.

    And Android Users can?

  35. Re:Bring-on the Apple haters by macs4all · · Score: 1

    Apple does stop supporting. My (no longer used) iPad is stuck on iOS 5.x.

    He never said they don't stop supporting. Only that they do so ONLY when the Hardware simply makes it impractical.

    You have a first-generation iPad. Know how I know that? Because EVERY other version of the iPad (including my iPad 2nd gen) IS still supported (haven't checked as to whether that is true for iOS 9; but so far, it has been supported). In fact, Apple recently released a "point-release" for iOS8 that, among other things, was specifically designed to improve performance on iPad 2.

    NOBODY in the Android-universe does that, with the possible exception of Google with Nexus. And they do that only because it is their Reference Platform for Android.

  36. Re: Bring-on the Apple haters by Anonymous Coward · · Score: 0

    You should really look up "fleshlight." I was not aware that there was an app for that.

  37. Hacking Team deliver spyware on Android devices by nickweller · · Score: 1

    "Hacking Team used fake app hosted on Google Play to install its spyware on Android devices"

    For a minute there I thought Hacking Team/slashdot were going to dazzle me with their hacking-foo. How does remotely installing and running an app - and achieving root on a device - equate to tricking the user into downloading and installing a fake app?

  38. Gotdamn Ities by terrywirth5 · · Score: 1

    Who do they think they are, the NSA? We'll show them what exceptional hackers are and bomb them off the face of the earth.

  39. Re:Bring-on the Apple haters by PNutts · · Score: 1

    where a fleshlight app

    Woah! They have an app? Is there an external attachment too?

    Somebody mod that post sexy - Zapp Brannian

  40. Re:Bring-on the Apple haters by Krojack · · Score: 1

    This is why I got the Nexus 6... I got sick of waiting.

  41. Re:Bring-on the Apple haters by Anonymous Coward · · Score: 0

    XPosed framework works fine for me (YMMV) on my LG G2 running 5.0.2. Anecdotal, I know...

  42. Re:Bring-on the Apple haters by Anonymous Coward · · Score: 0

    In general I think you're correct. Most people are pretty dumb and likely better off in the walled garden so they can't hurt themselves. Similarly, dumb people are better off with a foam hammer than a real hammer, even if it's less useful at least they can't nail themselves to their toilet.

  43. Re:Bring-on the Apple haters by macs4all · · Score: 1

    In general I think you're correct. Most people are pretty dumb and likely better off in the walled garden so they can't hurt themselves. Similarly, dumb people are better off with a foam hammer than a real hammer, even if it's less useful at least they can't nail themselves to their toilet.

    See? There you go, blaming the user. Typical Slashtard.

    There is a BIG difference between being "dumb" and being "ignorant".

    If I sat you down in the control room of a jet fighter, or a helicopter, I would bet that (assuming you aren't skilled in any of those) you wouldn't be able to successfully land any of them. Why? Because you simply haven't had to learn those skills to navigate your particular slice of the universe. Does that make you "dumb"?

    Not everyone is a computer expert. And that is EXACTLY what it takes to determine which (if any) of a set of permissions an app might need, if you are IGNORANT of the rather dire consequences of granting just ONE of the wrong permissions.