LTE 4G Networks Put Androids At Risk of Overbilling and Phone Number Spoofing

← Back to Stories (view on slashdot.org)

LTE 4G Networks Put Androids At Risk of Overbilling and Phone Number Spoofing

Posted by samzenpus on Monday October 19, 2015 @06:35AM from the protect-ya-neck dept.

An anonymous reader writes: Carnegie Mellon University's CERT security vulnerabilities database has issued an alert regarding the current status of LTE (Long-Term Evolution) mobile networks, which are plagued by four vulnerabilities that allow attackers to spoof phone numbers, overbill clients, create DoS (Denial of Service) states on the phone and network, and even obtain free data transfers without being charged. The vulnerabilities were discovered by 8 scientists which documented them in their research.

113 comments

Min score:

Reason:

Sort:

Scroogeled again! by Anonymous Coward · 2015-10-19 06:38 · Score: 0, Offtopic

Scroogeled again!
Android Only by Anonymous Coward · 2015-10-19 06:42 · Score: 0, Troll

"Only Android devices are affected, iOS users are safe"

Ah, Android, is there anything you don't fail at?
1. Re:Android Only by ArhcAngel · 2015-10-19 08:05 · Score: 1
  
  iOS users are definitely not safe
  
  --
  "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
2. Re:Android Only by blackpaw · 2015-10-19 10:48 · Score: 2
  
  "Only Android devices are affected, iOS users are safe"
  Ah, Android, is there anything you don't fail at?
  Windows phone - regular updates direct from MS and a lot smoother than the laggy Android experience.
3. Re:Android Only by BronsCon · 2015-10-19 11:45 · Score: 1
  
  Actually... No. Windows Phone updates have to be approved by carriers.
  
  We work closely with our carrier partners, and encourage them to test our software as swiftly as possible. But it’s still their network, and the reality is that some carriers require more time than others. By the way, this carrier testing is a common industry practice that all of our competitors must also undergo. No exceptions.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
4. Re:Android Only by Anonymous Coward · 2015-10-19 16:52 · Score: 0
  
  Yet, MS still manages to release updates within a reasonable time for ALL carriers.
5. Re:Android Only by Anonymous Coward · 2015-10-19 18:18 · Score: 0
  
  iOS users are definitely not safe
  
  But Android users are fucked.
6. Re:Android Only by BronsCon · 2015-10-19 19:05 · Score: 1
  
  And so does Google. Samsung, LG, HTC, Motorola, and the rest of the Android coat-tail-riders just want to sell hardware, so they have no interest in keeping their devices up to date; Google, on the other hand, wants their platform in as many hands as possible, so they have an interest in doing it right. They need to crack down on their OEM partners, but the reality is that the OEMs and carriers screw up Android so bad that the only way to get a decent experience is to buy a Nexus, anyway, so I don't really care if that ever happens. As long as the Nexus line is around, I'll be happy. Eventually, people will wise up and stop buying devices with shitty support; it might take a few widespread hacks of Android devices with reports of "up-to-date Nexus devices not affected", but it will happen. People will stop buying non-Nexus Android devices, at least enough that the OEMs will be forced to stop cramming shit down their throats.
  
  Or not. Maybe people will never learn. Either way, the Nexus line exists and Google does a very good job at keeping it updated.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
7. Re:Android Only by ArhcAngel · 2015-10-20 02:08 · Score: 1
  
  Keep drinking the kool-aid
  
  --
  "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
8. Re:Android Only by Anonymous Coward · 2015-10-20 19:04 · Score: 0
  
  Keep drinking the kool-aid
  
  Keep drowning in bullshit. The fact alone that you would have to provide a good dozen links on that site to defragment all the Android vulnerabilities shows how fucking lost you are.
Editors, please proof read submissions! by kaka.mala.vachva · 2015-10-19 06:44 · Score: 3, Insightful

I don't expect everyone to have perfect English (I don't), but editors should do some proof reading before they post articles. The vulnerabilities were discovered by 8 scientists *who* documented them in their research. or better yet: These vulnerabilities were discovered and documented by 8 scientists as part of their research.
1. Re:Editors, please proof read submissions! by thegarbz · 2015-10-19 21:20 · Score: 1
  
  I don't expect everyone to have perfect English (I don't)
  No, but I do expect people who get paid based on their proficiency of English to have perfect English. Two that immediately come to mind are 1: Translators, and 2: Editors.
2. Re:Editors, please proof read submissions! by Anonymous Coward · 2015-10-19 22:57 · Score: 0
  
  The editors think that they must be quickly responding to this breach of the English protocol and pledge to strive to avoid these most serious mistakes in postings of the future.
  Any doubts?
To Be Honest by Anonymous Coward · 2015-10-19 06:45 · Score: 2, Interesting

I have for a while now been tempted to leave Android and I've decided to do so on November 15, which is the day AT&T releases the new Windows Phone 950. Call me mad, but I'm tired of the Android shenanigans, the balkanization between carriers, and even devices within a single carrier. I've got a Nexus 6 at the moment, and it still does not have Marshmallow. I want to wait for the OTA rather than flash it myself, but come November 15, this device is gone.
1. Re:To Be Honest by JackieBrown · 2015-10-19 07:06 · Score: 3, Insightful
  
  I've got a Nexus 6 at the moment, and it still does not have Marshmallow. I want to wait for the OTA rather than flash it myself, but come November 15, this device is gone.
  Please send it to me. Thank you
2. Re:To Be Honest by Anonymous Coward · 2015-10-19 07:19 · Score: 0
  
  which is the day AT&T releases the new Windows Phone 950. Call me mad
  You are beyond mad. There isn't even a word for it.
3. Re:To Be Honest by chipschap · 2015-10-19 08:04 · Score: 1
  
  So a Windows phone is somehow going to be better?
4. Re:To Be Honest by blackpaw · 2015-10-19 10:50 · Score: 1
  
  So a Windows phone is somehow going to be better?
  Yes, updates are direct from MS rather than the carrier.
  And personally I find the interface a lot nicer than the android one.
5. Re:To Be Honest by cbhacking · 2015-10-19 10:54 · Score: 1
  
  Well, WP does have pretty strict limits on how much OEMs and carriers are allowed to screw with the devices, or at least did for WP7.x and 8.x. Not sure what the policies for W10M will be yet. Among those limitations is a requirement that carrier-installed apps be removable (though in practice the apps may simply be UI for carrier stuff that is included in the firmware and stays when the app is removed, like T-Mobile's WiFi Calling), and that the primary shell UI not be modified. WP app compatibility is also much better between devices than Android app compatibility, though some very-low-end phones are still unable to run some of the most demanding games. As for updates, there's the Preview for Developers program (get OS updates the moment that MS releases them, without waiting for OEM and carrier approval) and the Windows Insider program (get pre-release OS updates to help test), both of which are free and are available for all phones (though Windows Insider builds aren't always available for all phones initially). Those factors avoid a lot of the Android fragmentation.
  
  --
  There's no place I could be, since I've found Serenity...
6. Re:To Be Honest by Anonymous Coward · 2015-10-19 10:55 · Score: 0
  
  Its not any worse than Android is what he is saying.
7. Re:To Be Honest by Anonymous Coward · 2015-10-19 13:19 · Score: 0
  
  So a Windows phone is somehow going to be better?
  Windows anything is Microsoft spyware, Microsoft malware, and even Microsoft adware. Spyware, malware, and adware are never better.
  Latest:
  http://www.zdnet.com/article/how-to-disable-windows-10-start-menu-ads/
  http://www.zdnet.com/article/windows-10-upgrade-nags-become-more-aggressive-offer-no-opt-out/
  Latest fuck you:
  Fuck you Microsoft
  http://tech.slashdot.org/comments.pl?sid=8136977&cid=50684439
  If you are using any of the new spyware shit in Windows you are a certified idiot.
  distrowatch.com
8. Re:To Be Honest by Anonymous Coward · 2015-10-19 16:57 · Score: 0
  
  Yes ... you will get updates.
  What you won't get is APPs.
Data caps as vulnerability by Anonymous Coward · 2015-10-19 06:47 · Score: 1

4G is a vulnerability in itself, given how quickly you can use your month's worth of data...
1. Re:Data caps as vulnerability by sims+2 · 2015-10-19 07:02 · Score: 1
  
  Ikr I downloaded ios 9.0.2 this morning 1.42GB in under 10 minutes. Would have taken at least 15 minutes on dsl.
  
  --
  Minimum threshold fixed. Thanks!
2. Re:Data caps as vulnerability by behrooz0az · 2015-10-19 08:04 · Score: 1
  
  actually, it would take less than 2 minutes if you were using 4g, 10 minutes is for 3g
  
  --
  Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
3. Re:Data caps as vulnerability by sims+2 · 2015-10-19 08:56 · Score: 1
  
  verizons 3g service tops out at 3mbps under ideal conditions here
  verizons 4g lte service runs somewhere between 10 and 40mbps
  on verizon's 3g it would take me over an hour to download 1.42GB even with the best case scenario.
  
  --
  Minimum threshold fixed. Thanks!
4. Re:Data caps as vulnerability by behrooz0az · 2015-10-19 17:51 · Score: 1
  
  must suck to use verizon
  
  --
  Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
Hmmm ... by gstoddart · 2015-10-19 06:49 · Score: 3, Interesting

So, if it's us who can get ripped off, they'll do nothing to fix this. If it's them who can get ripped off, they'll try to get lawmakers to outlaw that so they don't have to do anything to fix it.
Should we continue to expect telcos to be inept and indifferent to this, and not give a crap if their customers are getting ripped off?

--
Lost at C:>. Found at C.
1. Re:Hmmm ... by wasteoid · 2015-10-19 07:10 · Score: 2
  
  Yes
2. Re:Hmmm ... by Anonymous Coward · 2015-10-19 09:55 · Score: 0
  
  Why would you expect them to change now when it has worked for the last century?
Android wins on openness and marketshare by rsborg · 2015-10-19 06:53 · Score: 0

"Only Android devices are affected, iOS users are safe"
Ah, Android, is there anything you don't fail at?
Android is open! And it still has higher marketshare than iOS!

--
Make sure everyone's vote counts: Verified Voting
1. Re:Android wins on openness and marketshare by Anonymous Coward · 2015-10-19 07:18 · Score: 0, Offtopic
  
  Long term support, sideloading apps, open market, ability to configure the phone how you want, ability to have the phone operate how you want, ability to use custom ROMs...
2. Re:Android wins on openness and marketshare by 0123456 · 2015-10-19 07:32 · Score: 2
  
  There's a new iPhone coming, better get back in line at the Apple store.
  But Apple's not forcing you to buy it by making your old phone obsolete.
3. Re: Android wins on openness and marketshare by cyber-vandal · 2015-10-19 07:38 · Score: 1
  
  No people voluntarily sleep rough to own one when they can just order one over the Internet. There's something seriously messed up about that.
4. Re:Android wins on openness and marketshare by Anonymous Coward · 2015-10-19 07:47 · Score: 0
  
  ehm... not so sure about that..
  Just check the first 30 hits on google..
  https://www.google.se/search?q=iphone+ios+updates+performance
5. Re:Android wins on openness and marketshare by chipschap · 2015-10-19 08:03 · Score: 1
  
  Guess again. iOS updates don't do well on older phones by design.
6. Re:Android wins on openness and marketshare by BronsCon · 2015-10-19 08:27 · Score: 5, Interesting
  
  But they run. Or so I hear.
  
  Meanwhile, Nexus devices are guaranteed support for 3 years from first sale or 18mo from the final date of sale on Google Play, whichever is longer. I keep seeing claims from iPhone users that "my 4 year old phone has the latest updates" while pointing out the 18mo EOL. It universally turns out that they have the model that was released 4 years prior and not an older model they simply bought 4 years ago, and that model is still being sold. What they fail to recognize is that software support for iOS devices stops the moment Apple stops selling the device (even when carriers may continue selling them for up to a year). Well, that and the fact that, while they might be running the most recent version of iOS, they only get the most recent features on the most recent devices (I'm glaring at iOS9 for the omission of splitscreening on the iPad Air [which I own], which is more than capable of supporting it; and the sad excuse that was given for Siri only being included in iOS for the 4s when it ran just gone on the 3gs as an app before Apple bought the company).
  
  Android, and I mean true android (read: Nexus devices), on the other hand, only leaves out features that require hardware not present in the device. And, with Google's commitment to supporting the devices for a minimum of 18 months Google stops selling them, even with carriers selling the devices for up to a year after that, Nexus devices have support for at least 6 months after their last date of sale. Contrasted with iOS devices, which are still sold for up to a year after software support has ended, well, it's not hard to see why some of us prefer Android (again, Nexus).
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
7. Re:Android wins on openness and marketshare by Anonymous Coward · 2015-10-19 08:32 · Score: 0
  
  There's a new iPhone coming, better get back in line at the Apple store.
  You're confused. You need an Android phone to perpetrate this spoofing. Anyone with an account can be a victim. They don't even need to have a phone to be a victim. That's how spoofing works.
8. Re:Android wins on openness and marketshare by Penguinisto · 2015-10-19 09:53 · Score: 2
  
  What they fail to recognize is that software support for iOS devices stops the moment Apple stops selling the device (even when carriers may continue selling them for up to a year).
  Small point of order - what you wrote is completely wrong.
  
  --
  Quo usque tandem abutere, Nimbus, patientia nostra?
9. Re:Android wins on openness and marketshare by BronsCon · 2015-10-19 10:08 · Score: 2, Informative
  
  So they broke the pattern for a single release. Good start, let's see if they keep it up. The article you linked to even agrees with me regarding Apple's history of failing support for older iOS devices; if you read the very first sentence, you'd realize that. Here it is, for reference:
  
  In theory, the release of a new OS version from Apple is supposed to be a reason to cheer, but if you own anything but the latest hardware, that’s rarely been the case.
  And it's not like I don't have any iOS devices in my home, through which I might actually know what I'm talking about. The Gen1 iPad, iPad Air, iPad Air 2, iPhone 6 Plus (along with the iPhone 5 it replaced, the iPhone 4 that replaced, and the iPhone 3G that replaced) surely count for nothing. All of the iPads have been mine, while all of the iPhones have been my wife's, though the 1st gen iPad started out as hers and I did actually use the 3G for a few months.
  
  Nope, no experience with iOS devices at all here. None whatsoever. Except for the past 5 and a half years. Of 8 years they've been on the market. So yeah, I might not have been an iOS user from day one, but I'm not unfamiliar with the platform by any measure.
  
  Save your weak arguments for Android zealots.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
10. Re:Android wins on openness and marketshare by Anonymous Coward · 2015-10-19 12:11 · Score: 0
  
  iOS 9 update runs on iPad's back to the iPad 2, the iPhone back to the iPhone 4S and iPod Touch back to 5th gen. This is, coincidentally, the same hardware that iOS 8 ran on. The newest kit (in terms of sale date) not on this list is the iPod Touch (4th gen) and iPhone 4, which were last sold in 2012. They were abandoned due to their single-core A4 chip and paltry 256MB RAM. Apple also makes the upgrades available across all devices on day one. No staggered releases. Only Google's Nexus line comes even remotely close to this level of support, yet Google allows their OEM and carrier partners to continue to sell (and even launch) devices based on non-current Android builds, with no upgrade path.
11. Re:Android wins on openness and marketshare by Anonymous Coward · 2015-10-19 13:47 · Score: 0
  
  Who cares if it's "obsolete" as long as it still works. Nobody has to replace their phone just because their 2 year contract has expired.
12. Re:Android wins on openness and marketshare by BronsCon · 2015-10-19 13:54 · Score: 2
  
  Google's Nexus line is actually what I was referring to. I apologize for only stating that four times in my comment.
  
  I do agree that Google should crack down on their OEM partners' shoddy support, but that does not take away from the Nexus line. Honestly, though, vanilla Android provides a better experience not just in my opinion, but also in the opinions of people who've compared my Nexus 6 to their Android device; given that, even if the OEM partners shaped up their support game, unless they did so by shipping vanilla Android (which would allow Google to support the devices directly, anyway), I (and for future purchases, those who've gotten to play with my Nexus 6 next to their various devices) will be sticking to the Nexus line. From that perspective, no other line of Android devices even comes close to being relevant.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
13. Re:Android wins on openness and marketshare by Anonymous Coward · 2015-10-19 16:21 · Score: 0
  
  iOS 9 update runs on iPad's back to the iPad 2, the iPhone back to the iPhone 4S and iPod Touch back to 5th gen.
  You ever actually try running iOS 9 on an iPhone 4S?
  OK, technically I haven't either, because I just gave up on using it after installing iOS 8 to it. Big mistake. Sure, iOS 8 is available on iPhone 4S, but in no terms should you install it.
  But I did try iOS 9 on an iPhone 5S. Same thing: it installs, sure, but it manages to make the Home Screen run sluggishly and it's clearly only intended to be used on the 6 and 6s.
  Bottom line: BronsCon is right. Apple "supports" older devices but they do it by making those older devices essentially unusable should you be foolish enough to "upgrade." Or forced to upgrade if you want security fixes.
14. Re:Android wins on openness and marketshare by Anonymous Coward · 2015-10-19 16:38 · Score: 0
  
  Dafuq do you make a grid of 5x5 icons lag?
15. Re:Android wins on openness and marketshare by Anonymous Coward · 2015-10-19 16:50 · Score: 0
  
  I agree with you. If it still working there is no need to buy a new one. Specially when you get updates to the software.
  But most Android phones are obsolete the day you buy it. Why?? Because it usually comes with an OS at least 3 revisions behind and there is very little chance you will get even one fix to the thousands of vulnerabilities that were fixed in the 3 updates, much less the thousands of known that are unpatched and the thousands that are still unknown.
16. Re:Android wins on openness and marketshare by TheRaven64 · 2015-10-19 21:28 · Score: 1
  
  I do agree that Google should crack down on their OEM partners' shoddy support
  Google created the problem. The Android ecosystem has lots of competition from hardware vendors, so margins are razor thin. The only company that makes money from it is the company that takes a cut of all app sales (i.e. Google on most phones, Amazon on phones with their market installed and I think Samsung also has their own app store).
  Google could easily have fixed this by having some kind of revenue-sharing agreement with vendors that ship the Google Play store: if you're getting 5% of all app sales (still leaving Google with 25%), then you've suddenly got an incentive to ensure that the phone that you sold two years ago still receives the updates that it requires to run the latest apps. Particularly if the market will detect vulnerable versions of Android and refuse to install apps that use the vulnerable subsystems...
  
  --
  I am TheRaven on Soylent News
17. Re:Android wins on openness and marketshare by TheRaven64 · 2015-10-19 21:31 · Score: 1
  
  People who don't want to have a device that spends 100% of its time connected to a network and has remotely exploitable vulnerabilities. Try reading this paper for an overview of how long Android phones go without vulnerabilities (note that the latest Stagefright exploit, that affects all versions of Android since 1.5 was discovered after the paper).
  
  --
  I am TheRaven on Soylent News
18. Re:Android wins on openness and marketshare by Anonymous Coward · 2015-10-20 02:01 · Score: 0
  
  Many (most?) new Android phones are under $100 (not $100 + contract). Even then, these phone have often run KitKat which was only 1 version old until very recently. When Apple starts selling sub-$100 (and sub-$50) unsubsidized phones, let's talk.
  
  anon because I have modded
19. Re:Android wins on openness and marketshare by RavenLrD20k · 2015-10-20 02:24 · Score: 1
  
  public void OnSwipe(move.Start[] coordStart, move.End[] coordEnd){ - System.Threading.Thread.Sleep(rand()*5000); - moveScreen(coordStart, coordEnd); }
20. Re:Android wins on openness and marketshare by Penguinisto · 2015-10-20 02:48 · Score: 1
  
  You forgot the context of that first sentence - namely, that new software releases have (at least in previous releases) slowed down older hardware. That does not invalidate anything I've written. ;)
  
  --
  Quo usque tandem abutere, Nimbus, patientia nostra?
21. Re: Android wins on openness and marketshare by BronsCon · 2015-10-20 03:02 · Score: 1
  
  That is the first viable soluion I've heard to the problem. Good on you for coming up with it; I'm guessing you're the first person to respond to one of my comments on the topic who isn't an Apple or MS (eesh) fanboi.
  
  Ma'm (and please correct me if my gender assumption is incorrect), it is refreshing to once again see intelligent discussion on Slashdot and, for that, I thank you. It's a pity that you'll probably be moderated into oblivion for it.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
22. Re: Android wins on openness and marketshare by BronsCon · 2015-10-20 03:11 · Score: 1
  
  My experience differs from the realoty you are implying. Mind you, that is largely colored by the original iPad (which I still have) and the iPhone 3G, as those are the first iOS devices I actually used for any length of time. The iPhone 4 and 5 were my wife's and the 6+ (also my wife's) and both iPad Air models are still sold by Apple.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
23. Re:Android wins on openness and marketshare by macs4all · 2015-10-20 04:58 · Score: 1
  
  Android is open!
  Yes. Yes it is. Perhaps a little TOO "open", yes?
  
  And it still has higher marketshare than iOS!
  Perhaps true, in the sub $100 shitbox phone category. But nowhere else. And phones and tablets that are sitting in desk drawers unused don't count.
24. Re:Android wins on openness and marketshare by macs4all · 2015-10-20 05:00 · Score: 1
  
  Guess again. iOS updates don't do well on older phones by design.
  Sure. That's why Apple has released Updates specifically to address performance issues on older devices.
25. Re:Android wins on openness and marketshare by macs4all · 2015-10-20 05:12 · Score: 1
  
  What they fail to recognize is that software support for iOS devices stops the moment Apple stops selling the device
  
  Right. That's why they released an iOS update specifically for the FIRST GENERATION iPad in May, 2014, and why my iPad 2 and iPhone 4s are STILL supported in iOS 9.
  
  and the fact that, while they might be running the most recent version of iOS, they only get the most recent features on the most recent devices (I'm glaring at iOS9 for the omission of splitscreening on the iPad Air [which I own], which is more than capable of supporting it; and the sad excuse that was given for Siri only being included in iOS for the 4s when it ran just gone on the 3gs as an app before Apple bought the company).
  You don't know if the GPU built into the processor in your IPA is capable of supporting two GraphPorts. I would suspect that is NOT the case; because the REGISTERS are simply not there to stuff with the begin/end coordinates, etc. Prove me wrong.
  
  Same thing with Siri. Apple's implementation of Siri (as opposed to the generic App) obviously was changed to leverage custom HARDWARE in the SoC that simply didn't exist pre-iPhone 4s (which, curiously enough, is the same excuse you allow for Google and Nexus).
  
  Why is it that you allow for the "insufficient hardware resources" excuse for Google and Nexus; but not for Apple and iOS Devices? You have absolutely no insider knowledge that could prove otherwise; so, until then, STFU.
26. Re:Android wins on openness and marketshare by macs4all · 2015-10-20 05:28 · Score: 1
  
  And it's not like I don't have any iOS devices in my home, through which I might actually know what I'm talking about. The Gen1 iPad, iPad Air, iPad Air 2, iPhone 6 Plus (along with the iPhone 5 it replaced, the iPhone 4 that replaced, and the iPhone 3G that replaced) surely count for nothing
  And let's just see how many are still supported in iOS 9:
  
  iPad Air - Check!
  iPad Air 2 - Check!
  iPhone 6 Plus - Check!
  iPhone 5 - Check!
  
  So, out of your curiously overlapping models (why do you feel the need to upgrade virtually EVERY cycle?), 4 out of 7 of your iOS Devices are STILL being actively Supported, and one (the Gen1 iPad, released April 2010) had its last update only a year ago, and the other 2 are over 5 years old (iPhone 3G, released July 2008; iPhone 4, released June 2010).
  
  So, since you obviously own many iOS Devices (many more than I have, BTW), including some very recent models (iPhone 6 plus, which I also have, and am very pleased with), why do you spend so much time bashing them with the same rhetoric time and again in these forums? Something doesn't add up.
27. Re:Android wins on openness and marketshare by macs4all · 2015-10-20 05:32 · Score: 1
  
  Google created the problem.
  
  And Google can fix the problem. But it doesn't.
  
  Why?
28. Re:Android wins on openness and marketshare by BronsCon · 2015-10-20 05:38 · Score: 1
  
  Right. That's why they released an iOS update specifically for the FIRST GENERATION iPad in May, 2014
  A quick bit of fact checking (e.g. firing up my first gen iPad and checking) reveals this as complete and utter bullshit.
  
  You don't know if the GPU built into the processor in your IPA is capable of supporting two GraphPorts.
  Actually, that's how app sidebarring (I'm not sure what the official name is) works, and the IPA does this just fine.
  
  I would suspect that is NOT the case; because the REGISTERS are simply not there to stuff with the begin/end coordinates, etc. Prove me wrong.
  I think I just did. And I would certainly hope this was supported, as the Motorola Atrix I owned back in 2011 (256MB of RAM, sub-gHz dual-core 32-bit CPU) was able to function as a laptop (it had a dock which included a display, keyboard, trackpad, USB hub, and extended battery) while still also functioning as a phone; e.g. dual display and multi-application. At the quite underpowered (by today's standards) Atrix could to it, and quite well, I'd hope the IPA released in 2013 with 4x as much RAM and a 64-bit CPU clocked almost twice as fast (on top of having a larger instruction set) and with a much more powerful GPU could handle it.
  
  Same thing with Siri. Apple's implementation of Siri (as opposed to the generic App) obviously was changed to leverage custom HARDWARE in the SoC that simply didn't exist pre-iPhone 4s
  But the software implementation still worked, just a bit slower. Why kill it?
  
  (which, curiously enough, is the same excuse you allow for Google and Nexus).
  Yes and it is a perfectly valid reason not to enable a feature that actually required hardware, like NFC or fingerprint scanning. If you can write software to add support for those features to devices lacking the hardware to support them, I suggest you patent that shit ASAP.
  
  Why is it that you allow for the "insufficient hardware resources" excuse for Google and Nexus; but not for Apple and iOS Devices?
  Did I say anything about lack of support for Apple Pay on phones older than the iPhone 6? No. Want to venture a guess as to why? Let me help you understand: the NFC hardware doesn't exist in those phones, so it makes sense not to include the feature that requires it. Same for fingerprint scanning and the iPhone 5 and older. Not so for Siri, for which a working and supported software implementation was not only possible, but existed for a full year before Apple took it away.
  
  You have absolutely no insider knowledge that could prove otherwise; so, until then, STFU.
  Unless you are implying that iPhones suddenly became incapable of running software that they had been able to run for a full year before Apple nixed the app (when they released Siri as a feature in the 4s), I'm not sure what insider knowledge I might need in order to be able to call Apple out on that. Likewise, unless you are implying that the second most recent iPad model contains less capable hardware than an Android phone several generations old and more than twice its age, I'm not sure what insider knowledge is necessary to debunk Apple's omission of splitscreening on the iPad Air.
  
  To take it even farther, I live in the bay area, less than 90 minutes from 1 Infinite Loop, and actually have friends working at Apple, in real life and not just on the intertubes. They don't argue with my assessment, or try to defend their employer's actions; on the contrary, they confirm that it is technically possible and that I am correct. And yes, one of them works on iPad hardware and the other works on iOS. Is that insider enough for you?
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
29. Re: Android wins on openness and marketshare by macs4all · 2015-10-20 05:40 · Score: 1
  
  That is the first viable soluion I've heard to the problem. Good on you for coming up with it; I'm guessing you're the first person to respond to one of my comments on the topic who isn't an Apple or MS (eesh) fanboi.
  
  Ma'm (and please correct me if my gender assumption is incorrect), it is refreshing to once again see intelligent discussion on Slashdot and, for that, I thank you. It's a pity that you'll probably be moderated into oblivion for it.
  I agree that is a nice idea; but not a viable one; because, at a measly 5%, it simply isn't "enough skin in the game" for the OEM to go through all the extra testing to make sure a new build still runs ok on the old hardware. For example, all it takes is one array expansion and what SEEMS like it ought to be fine, ends up crashing repeatedly on 90% of last-year's model. 5% just ain't worth it for an OEM.
  
  And then there's the Carriers... Where's their incentive?
30. Re:Android wins on openness and marketshare by BronsCon · 2015-10-20 05:40 · Score: 1
  
  Oh, in case you missed it, I gave Apple and Google both the same pass on features requiring actual hardware (e.g. NFC and fingerprint scanners).
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
31. Re: Android wins on openness and marketshare by BronsCon · 2015-10-20 05:44 · Score: 1
  
  For example, all it takes is one array expansion and what SEEMS like it ought to be fine, ends up crashing repeatedly on 90% of last-year's model. 5% just ain't worth it for an OEM.
  On one hand, the OEM doesn't have to maintain the store; Google does. On the other hand, maybe Google gives up 10%. And remember, that's of the purchase price of the apps, not of Google's 30%.
  
  And then there's the Carriers... Where's their incentive?
  Ask Google, Apple, and Microsoft how they get their updates approved. I'm sure that will work for the OEMs, as well. I mean, it must be working for the OEMs, as well; though they are few and far between, non-Nexus Android updates do exist in the wild.
  
  Also, why does it seem that every time I post in an Android or iOS discussion, you come along and comment? You must like me.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
32. Re:Android wins on openness and marketshare by BronsCon · 2015-10-20 05:51 · Score: 1
  
  So, out of your curiously overlapping models (why do you feel the need to upgrade virtually EVERY cycle?)
  There was a 3Gs between the 3G and 4, a 4s between the 4 and 5, and a a 5s between the 5 and 6+. Beyond that, these have been my wife's phones and not mine; and they were upgraded because they each started having battery, screen, or button issues just as their warranties expired. As for the iPads, there were a number of them released between the first gen and the Air, were there not? I gave my wife the Air when I bought the Air 2. I don't think it unreasonable for two people to have two iPads.
  
  why do you spend so much time bashing them
  There is a huge difference between bashing and dissent. I voice my dissent in the hope that the company will hear my voice and course-correct before I have to find an alternate platform. Should I just sit on my hands and watch the company slowly alienate me as a customer?
  
  Something doesn't add up.
  Indeed, I can't figure out why you follow me around on here to try and start arguments.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
33. Re:Android wins on openness and marketshare by macs4all · 2015-10-20 05:58 · Score: 1
  
  To take it even farther, I live in the bay area, less than 90 minutes from 1 Infinite Loop, and actually have friends working at Apple, in real life and not just on the intertubes. They don't argue with my assessment, or try to defend their employer's actions; on the contrary, they confirm that it is technically possible and that I am correct. And yes, one of them works on iPad hardware and the other works on iOS. Is that insider enough for you?
  They don't argue with you, because they are tired of hearing it, and want to still be friends.
  
  Has any of them come to you and said "Listen to what Apple's doing now! This is total bullshit! They could easily make [x] happen, and are crippling it on purpose just to sell the new model." And of course you can't code a fingerprint reader or touch-sensitive digitizer into a product, duh! But your complaint about Siri is unfounded. Sure, Apple could maintain two complete versions of Siri, but I would bet that wouldn't be a small thing to just have lying around dormant in most Devices; so they made a decision to drop the software version. Happens.
  
  As for your argument about the Atrix, that's a complete strawman. It runs a different SoC, with a different GPU, and in fact, could have had capabilities that were not included in the Ax SoCs until later. Do your friends say different?
  
  As for your bald-assertion that the IPA can support App-Sidebarring (sorry, don't know what you mean) that that automatically means it should be able to support split-screening may or may not be true. And what about the additional RAM requirements? Does the IPA have enough for full split-screening, and having two active Apps at one time? It isn't just the GPU, you know...
34. Re: Android wins on openness and marketshare by macs4all · 2015-10-20 06:04 · Score: 1
  
  Ask Google, Apple, and Microsoft how they get their updates approved. I'm sure that will work for the OEMs, as well. I mean, it must be working for the OEMs, as well; though they are few and far between, non-Nexus Android updates do exist in the wild.
  Well, for Apple, it's simple: They were smarter than Google, and kept control of their products all the way through the Distribution Chain.
  
  Also, why does it seem that every time I post in an Android or iOS discussion, you come along and comment? You must like me.
  Turn the question around: Why does it seem that you have to post the same Apple-Hate comments every time there is an Android or Apple Article? I'm simply there to prevent you from your lies and exaggerations being the "last word".
35. Re:Android wins on openness and marketshare by BronsCon · 2015-10-20 06:25 · Score: 1
  
  They don't argue with you, because they are tired of hearing it, and want to still be friends.
  There's a vast space between not arguing and confirming. They don't "not argue", they confirm. We've had a number of discussions pondering the reasons and yes, the iOS guy has started a couple of those.
  
  Sure, Apple could maintain two complete versions of Siri,
  Really? The dedicated hardware is an ASIC implementation of the software voice decoder. It doesn't change, so the software needn't change, either. There's nothing to maintain, there; the API is set in stone the moment it's burned to a chip. Google has no problem implementing a software keystore for devices with NFC but no hardware keystore, while utilizing the hardware keystore where one exists, for Google Wallet and other supported payment systems on Android. It can't possibly be that hard.
  
  but I would bet that wouldn't be a small thing to just have lying around dormant in most Devices; so they made a decision to drop the software version.
  Or simply left out of the ROM for devices with the necessary hardware. The interface would simply be a module; plug in the software decoder for devices lacking the hardware, plug in the driver in devices that have the hardware. It's actually really simple and I do it all the time when developing for mixed platforms; do you have any experience in the field?
  
  App-Sidebarring (sorry, don't know what you mean)
  This. And, for comparison, splitscreening and Picture-in-picture (which is also supported on the IPA). Picture-in-picture is, for all intents and purposes, running two applications in the foreground with multiple GraphPorts; one application being the one you are actively using, the other being the video player, which has its own GraphPort which actually overlaps the "main" one, a more technically taxing feat than having two next to each other. And both GraphPorts are able to accept input (you do get video controls when using Picture-in-Picture), so that's not the technical challenge they couldn't overcome on the IPA, either. The sidebar (apparently it's called "Slide Over") screenshot clearly demonstrates the use of multiple GraphPorts, as well; in fact, the menus that can slide from the top and bottom of the screen demonstrate this, and those are supported on literally every iPad model, and have been since at least iOS 4 (which is ran on the first iOS device I used and, thus, as far back as I can confirm).
  
  And what about the additional RAM requirements? Does the IPA have enough for full split-screening, and having two active Apps at one time?
  Considering that iOS doesn't drop backgrounded apps from RAM, it just pauses their execution, I'm going to say yes. Especially given that Android has been able to support multiple simultaneous applications since the days when 256MB was high-end. If the IPA can't manage that in 1GB, perhaps Apple's engineering team isn't as great as we all want to believe.
  
  Bottom line, it's either incompetence or planned-obsolescence. My friends at Apple prefer to think it is not incompetence, and so do I.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
36. Re:Android wins on openness and marketshare by BronsCon · 2015-10-20 06:26 · Score: 1
  
  My bad, I should have provided the original source for the linked images. Since you're clearly unfamiliar, here you go, including explanations of the three distinct features and which models support them.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
37. Re: Android wins on openness and marketshare by BronsCon · 2015-10-20 07:11 · Score: 1
  
  Well, for Apple, it's simple: They were smarter than Google, and kept control of their products all the way through the Distribution Chain.
  And yet Android demolishes iOS in market share. The people have spoken.
  
  Apple-Hate comments
  You couldn't be more off-base; my dissent is not out of hate. And yes, I really do own and regularly use the Apple products I claim; here is a partial glimpse at my battlestation, depicting the iPad Air (my wife and I recently traded, as the Air 2's display does not play well with the Adonit Jot Touch pen I bought) and two of three displays driven by the MacBook Pro Retina that generally stays locked in a cabinet unless I'm traveling. You'll not, for authenticity, that this post is partially written on the leftmost display.
  
  Yes, this is truly the desktop of a man who hates Apple.
  
  Get a clue.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
38. Re: Android wins on openness and marketshare by BronsCon · 2015-10-20 07:13 · Score: 1
  
  typo... "You'll not," sould be "You'll note,".
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
39. Re:Android wins on openness and marketshare by davester666 · 2015-10-20 07:21 · Score: 1
  
  haha. long term support. Literally ZERO Android phone manufacturers provide updates to their phones as long as Apple does.
  
  --
  Sleep your way to a whiter smile...date a dentist!
40. Re:Android wins on openness and marketshare by davester666 · 2015-10-20 07:27 · Score: 1
  
  The 1st gen iPad actually got shafted for support, compared even to iPhones of the same vintage. One major update and that was all. It did NOT get an update last year [in 2014].
  It shipped with iOS 4.2.x, and then got iOS 5.x, and iOS 6 was iPad 2 and later.
  
  --
  Sleep your way to a whiter smile...date a dentist!
41. Re:Android wins on openness and marketshare by Anonymous Coward · 2015-10-20 18:22 · Score: 0
  
  Google's Nexus line is actually what I was referring to. I apologize for only stating that four times in my comment.
  https://googleblog.blogspot.de...
  
  So today we’re announcing that a founding team of industry leaders, including many from the Open Handset Alliance, are working together to adopt guidelines for how quickly devices are updated after a new platform release, and also for how long they will continue to be updated. The founding partners are Verizon, HTC, Samsung, Sprint, Sony Ericsson, LG, T-Mobile, Vodafone, Motorola and AT&T, and we welcome others to join us. To start, we're jointly announcing that new devices from participating partners will receive the latest Android platform upgrades for 18 months after the device is first released, as long as the hardware allows...and that's just the beginning. Stay tuned for more details.
  So much for that promise.
42. Re:Android wins on openness and marketshare by Anonymous Coward · 2015-10-20 18:40 · Score: 0
  
  Missing hardware is no reason to not offer a feature - many Android phones pretend to have gyroscopic sensors by faking something together from accelerometers and the compass.
43. Re:Android wins on openness and marketshare by macs4all · 2015-10-20 20:43 · Score: 1
  
  Missing hardware is no reason to not offer a feature - many Android phones pretend to have gyroscopic sensors by faking something together from accelerometers and the compass.
  Depends on the hardware, and the feature, moron.
  
  Let's see you fake some NFC communications, Biometric sensors, or force-sensitive touchscreen, genius.
  
  Apple does some of that "faking" too. For example, They faked gyros before they had them, just like Android, and they currently fake GPS on the iPod Touch using WiFi location data. And on the Application level, many Apps, notably Games, have to adjust their behavior depending upon the iOS Device/iOS Version that they are running on.
  
  But sometimes, you just can't code your way out of hardware requirements.
  
  BTW, this happens on Android, too, dumbass.
44. Re:Android wins on openness and marketshare by BronsCon · 2015-10-21 16:36 · Score: 1
  
  You weren't hard enough on that AC. And I mean that sincerely.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
45. Re:Android wins on openness and marketshare by macs4all · 2015-10-21 19:31 · Score: 1
  
  You weren't hard enough on that AC. And I mean that sincerely.
  LOL, thanks!
  
  I HATE ACs with a purple passion. 99% of genuine! unbridled, over-the-top Apple Hate (and I do mean pure Apple Hate, not Anti-Apple debate) comes from Karma-Fearing ACs, and I just get sick to DEATH of it!!!
  
  You and I have gone after each other hammer and tongs quite a few times; but in the end, I respect your opinion, in no small part because you're willing to lay your Karma on the line and fight like a human...
  
  I REALLY wish /. Would get rid of ACs; but like some sick Reality-Show Producers, the Powers-That-Be at Dice/Slashdot KNOW that ACs bring Controversy, and Controversy brings Page-Views... And like sad Reality-Show Contestants,we just keep on getting sucked into the fray...
  
  BTW, I wasn't ducking your last Post. I actually do have quite a bit of paid experience in embedded design (about 40 year's worth), but unfortunately that does NOT include any iOS development, but mostly in industrial real-time measurement and control systems and products. Although, like you, I have used Macs for development work (including back in the 80's and 90's, when it was quite challenging to find Mac-based tools!). However, since the embedded development market has devolved into almost exclusively short-term Contract work, for the past few years, and probably on into retirement, I write Windows Application Code for a living (retch!!!)
  
  Unfortunately, I do not have the luxury of living 90 mins. from 1 Infinite Loop (and yes I am sincerely jealous), but rather am stuck in the embedded-design desert of Indiana; so I concede that you probably have better "insider" information about Apple than do I.
  
  However, as a user of Apple Products since the Apple 1 (which I still have), and a user of Macs since they were Lisas (and I don't mean Macintosh XLs), and a long-time acquaintance of Woz, I really do believe that Apple is not just another company; but rather, at least most of the time, really DOES try to do better, and really DOES value its Customers, and their Privacy and "Product Experience" (to borrow an overused Microsoft Marketing phrase), and since I sincerely believe that they have the best OS overall for both Desktop and Mobile, I will continue to use (and defend, when necessary) their products and business practices until I Feel Different(tm). ;-)
  
  Completely off-topic: Do you or your friends know how to once-and-for-all cure the dreaded "Greyed Songs" problem in iTunes?!?! I have a friend that, after getting frustrated with the lifespan of his (many) iPod Classics, finally got fed up and bought a Fiio X5 Gen 2 music player. Fairly nice specs, and had nice things like SDXC card storage; but the "OS" SUUUUCKED, and after not being able to even have bloody Playlists on the thing without learning to Code (he is NOT a developer in any form), at my urging, he bought an 128 GB iPod Touch, 6th Gen. Well, in addition to having ABYSMAL battery life (like 4 hours just playing music, rather than the 40 hours claimed), he also has several songs in his huge collection (he claims it's always the same songs) that are greyed-out in iTunes, and nothing I have been able to Google has helped. He has synced with a USB cable several times (although he hasn't done a complete wipe and reload of the iPod's Music Library), and has tried almost every internet-forum witchery imaginable, but still the greyed songs remain. So between that and the ridiculous battery life, he is (understandably) ready to throw in the towel and return the iPod and go back to his Fiio.
  
  Do you or your friends have any suggestions? This is the most non-Apple experience I have ever seen, and it is turning a Windows User on the verge of switching to Macs (rather than suffer Windows 10, Spyware Edition) and a long-time iPod User, into someone who will likely never own another Apple Product, even though his wife has been a Mac user for over a decade.
46. Re: Android wins on openness and marketshare by BronsCon · 2015-10-21 19:54 · Score: 1
  
  Ahh, fun stuff. I had this happen with a gen 4 classic and a gen 1 nano. On the classic it was the result of an interrupted sync (accidentally yanked the cable), on the nano it was a case of manual sync getting confused. It was fixed on the classic by telling it to shut down, then turning it back on; the gray songs (which hadn't succesfully synched) were gone and plugging it back in caused it to sync successfully. I had to reset the nano, though, and sync it from a fresh (empty) state. Apparently, the iPod will report manually synched tracks as being present if there is a database entry on the device, even if the file is missing or damaged. Because the device says the file is there, iTunes doesnt sync it; and because the file actually isn't there, the device obviously can't play it.
  
  If restarting and resetting don't work (or if you're talking about gray tracks in iTunes rather than on the iPod itself), drop me a line via email so we don't end up spamming /. with details about your buddy's iPod.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Re:Let me guess. by GrumpySteen · 2015-10-19 06:55 · Score: 5, Interesting

Let me guess... you didn't read the paper. Oh look, my guess was right while yours were not.
To be fair, that wasn't actually a guess. Every assumption you made was wrong, so it's pretty obvious that you didn't bother looking at the paper to see if you were even close to correct.
Hardly need spoofing in Canada by ramriot · 2015-10-19 06:59 · Score: 3, Interesting

The security issues are not even needed to get over-billed in Canada. With stock Android 5.1 or above (including the latest Marshmallow), use on either of the two main budget carriers can result in roaming data charges even when roaming data is disabled.
In seams, because of a programming decision as to how Android tells if it is roaming inside of a shared NVNO region and the odd decision of these two carriers to mimic in network names when using partner carriers the phone will ignore the users selection to not use roaming data and thus incur charges in the range of $1/MB.
1. Re:Hardly need spoofing in Canada by Anonymous Coward · 2015-10-19 07:05 · Score: 1
  
  Citation?
2. Re:Hardly need spoofing in Canada by ColinPL · 2015-10-19 07:40 · Score: 2
  
  https://productforums.google.c...
  http://www.howardforums.com/sh...
Sounds like a feature to me! by Overzeetop · 2015-10-19 07:02 · Score: 2

"create direct peer-to-peer connections between two users without being monitored by the carrier, which, in turn, allows for free data communications"
That sounds like a app that would be nice to have if you're in the middle of nowhere without cells, but want to stay connected to friends in your party.

--
Is it just my observation, or are there way too many stupid people in the world?
1. Re:Sounds like a feature to me! by NotInHere · 2015-10-19 07:06 · Score: 1
  
  A good way to fix a vulnerability where you can send data without being charged is by charging for that data. Its always something better to say "we fix a vulnerability pointed out by security researchers" than to say "we demand money for using our infrastructure even if it is not involved".
2. Re:Sounds like a feature to me! by sims+2 · 2015-10-19 07:14 · Score: 1
  
  Sounds like a walkie talkie. IIRC you used to be able to buy phones with this feature they had a separate radio that operated on frs/gmrs.
  
  --
  Minimum threshold fixed. Thanks!
3. Re:Sounds like a feature to me! by Anonymous Coward · 2015-10-19 07:25 · Score: 0
  
  Or like Nextel had.
Blackberry Priv? by Anonymous Coward · 2015-10-19 07:31 · Score: 0

That could be the answer to alot of this. The privacy tech in there seems to be potentially able to add a spigot of sorts to control data flow from the phone. I was researching the phone and was excited to see the DTEK technology. Might make it harder to root, but honestly I would much rather have a secure phone than data leakage all over the place. Surprised Blackberry came out with this. They always had pretty secure software, so I imagine they brought that to Android. I'm waiting it out until after reviews are in of course, just in case it does disappoint. But looking at what has been shown so far I am impressed. Might be the thing to end this crap with overbilling due to data usage.
att sucks why do they have to lock up phones? by Anonymous Coward · 2015-10-19 07:33 · Score: 0

Ms needs to say no to att only and yes to unlocked. Come on $15 in mex and can sucks hell 2gb is like a new car
Re:Let me guess. by Anonymous Coward · 2015-10-19 07:40 · Score: 0

he mad
WAAAAY Overblown! by wolrahnaes · 2015-10-19 07:49 · Score: 5, Informative

Here's a link to a page that actually describes the "vulnerabilities" they found: http://www.kb.cert.org/vuls/id...
All of them only apply to Voice over LTE environments, which are different from traditional mobile phone networks in that the LTE network is purely IP traffic so it's effectively a voice over IP call using standard protocols like SIP the same as an internet-based VoIP service would.
As someone who's been working in VoIP for over a decade I just have to laugh at this crap.
Let's start:

The Android operating system does not have appropriate permissions model for current LTE networks; the CALL_PHONE permission can be overruled with only the INTERNET permission by directly sending SIP/IP packets. A call made in such a manner would not provide any feedback to the user. Continually making such calls may result in overbilling or lead to denial of service.
Translation: A VoIP app doesn't require phone permissions if it's not accessing any of the OS' phone subsystems. No shit, sherlock.
The only way this could result in billing or denial of service is if the carrier was not properly authenticating the SIP traffic and was just assuming that anything from that phone aimed at the right IP address must be a legit call. That's 100% a carrier fault, not any flaw with the system. Do they propose that Android should be specifically watching for SIP traffic and require an app have the phone permission to be able to send it?

Apple reports that iOS is not affected by this issue.
I smell bullshit, but I don't have an iOS device to confirm. I doubt Apple requires that VoIP clients have special permissions over anything else.

Some networks allow two phones to directly establish a session rather than being monitored by a SIP server, thus such communication is not accounted for by the provider. This may be used to either spoof phone numbers or obtain free data usage such as for video calls.
This is carrier logic if I've ever heard it. Using the data service I pay for to send IP traffic (which happens to contain voice or video) directly to another user on the data service they pay for is somehow a vulnerability? Again I'm not sure how this is platform-specific.
Spoofing numbers again would require that the carrier have their network configured in a stupidly open and trusting fashion. None of my customers can spoof numbers unless I allow them to (hint: I don't) and it wasn't rocket science to set things up that way.

Some networks do not properly authenticate every SIP message, allowing spoofing of phone numbers.
Repeating themselves here, while this time acknowledging that it's the network's problem.

Some networks allow a user to attempt to establish multiple SIP sessions simultaneously rather than restricting a user to a single voice session, which may lead to denial of service attacks on the network. An attacker may also use this to establish a peer-to-peer network within the mobile network.
Well at least this time they blame the network from the start. I wouldn't limit users to a single session, that restricts 3/4 way calls, but reasonable limits are good there. Still not sure what would be wrong with endpoints directly contacting each other via the data service they're paying for.
I have no doubt that some carriers' networks are truly insecure enough to allow the spoofing and fraudulent usage described here, but that's entirely down to their own stupidity because none of these things are hard to prevent at the network level, even the ones that aren't actual problems.

--
I used to get high on life, but I developed a tolerance. Now I need something stronger.
1. Re:WAAAAY Overblown! by steveg · 2015-10-19 08:34 · Score: 2
  
  You're right, and last I looked you had to specifically switch your phone over to use VoLTE. It's not enabled by default.
  It's quite possible that IOS phones are not affected because they don't support the VoLTE functionality. I don't *know* that, but I do seem to recall that the VoLTE capability was added in the last year or two to Android phones, and older ones don't support it.
  
  --
  Ignorance killed the cat. Curiosity was framed.
"Androids"? by jlv · 2015-10-19 08:00 · Score: 1

Will this stop them of dreaming of electric sheep?
Or did the poster mean "Android phones"?
That's by jlv · 2015-10-19 08:07 · Score: 4, Informative

The Softpedia article claims
"Only Android devices are affected, iOS users are safe"
The paper cited only describes the vulnerabilities in terms of being researched on Android. Nowhere does it say that iOS cannot have these problems.
I didn't even see anything to this effect in the CERT postings.
1. Re:That's by campuscodi · 2015-10-19 08:31 · Score: 2
  
  Hi, maybe this will help: http://www.kb.cert.org/vuls/id... and this: http://www.kb.cert.org/vuls/id...
2. Re:That's by bluefoxlucid · 2015-10-19 08:33 · Score: 2
  
  Apple has claimed it's not vulnerable to e.g. sending IP packets directly to IP addresses if those IP packets are SIP packets, with no substantiation. SIP applications can use TLS as well, making packet inspection difficult.
  
  --
  Support my political activism on Patreon.
3. Re:That's by BronsCon · 2015-10-19 08:35 · Score: 3, Interesting
  
  Apple made the claim that iOS is not affected, but these are all carrier-side vulnerabilities that only require the app have the ability to send raw packets to the internet, which can certainly be done from iOS, as well as Windows. It's how VoIP apps work.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
4. Re:That's by Anonymous Coward · 2015-10-19 12:10 · Score: 1
  
  iOS apps can send TCP/UDP packets using approved APIs. You cannot use SOCK_RAW on an iPhone.
  From memory, data and voice are recommended/required to be separate with VoLTE - data connections are tunnelled or attached to a different APN and apps cannot see the carrier LTE network directly. It's a bit like 2 VLANs over a single ethernet link.
  However, since VoLTE happens at the app level rather than on the baseband, Android's hackability and security model can be convinced to expose a lot more of this to user applications.
5. Re:That's by FirstOne · 2015-10-19 22:31 · Score: 1
  
  Apple has claimed it's not vulnerable to e.g. sending IP packets directly to IP addresses if those IP packets are SIP packets, with no substantiation. SIP applications can use TLS as well, making packet inspection difficult.
  Most carriers use NAT's to reduce down the number of IP addresses needed for servicing mobile phones. That NAT usage will also block most unsolicited incoming IP level traffic. I.E. Traffic originating on mobile teleco's VoIP network will get through and no one else., so this becomes a non-issue.
6. Re:That's by bluefoxlucid · 2015-10-20 01:36 · Score: 1
  
  This is outgoing IP traffic from the mobile phone, not incoming from outside. Apple is claiming their mobile phone itself is incapable of sending a specific IP packet which another mobile phone can send just fine, unless the application has special permissions.
  
  --
  Support my political activism on Patreon.
Marketshare is irrelevant by unassimilatible · 2015-10-19 10:14 · Score: 1

Of course if you give something away people will take it. Apple only cares about profit share - who wants the poor and the Luddites (and a few thousand geeks)? Apple commands 92% of smartphone profits. Game over, man.

And nobody cares about open other than a few thousand geeks who are statistically irrelevant.

--
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
1. Re: Marketshare is irrelevant by Anonymous Coward · 2015-10-19 19:32 · Score: 1
  
  The fact that Apple could sell 15% of smartphone and get 75% of the smartphone profit in one quarter just shows how overpriced they are, essentially a lifestyle brand for conformists trying to mark themselves as successful. I like some of the Apple GUI design, and there was a time when Apple innovated, not copied android, but I don't see a compelling reason to pay more for bling.
  However the extremism of some people about the free market choice of either OS type is freakishly religious. Can't we all just get along and pick on windows phone?
2. Re: Marketshare is irrelevant by Anonymous Coward · 2015-10-20 18:55 · Score: 0
  
  The fact that Apple could sell 15% of smartphone and get 75% of the smartphone profit in one quarter just shows how overpriced they are
  Yeah, it certainly doesn't show that following the Church of Marketshare is madness for a business.
LOL, "true" Android by unassimilatible · 2015-10-19 10:19 · Score: 1

LOL, "real" Android. Android was created "open" by design so it would be adopted by phone manufacturers to save OS development money. Open, that's what all you nerds brag about; but then you complain there's only one Android made by Google that nobody even buys and we should ignore all the insecure, unsupported versions that 98% of people own? Logic fail!

--
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
1. Re:LOL, "true" Android by BronsCon · 2015-10-19 10:38 · Score: 3, Informative
  
  Open, that's what all you nerds brag about
  Where/when have I done this, so as to be lumped in with that group?
  
  but then you complain there's only one Android made by Google that nobody even buys and we should ignore all the insecure, unsupported versions that 98% of people own?
  I see, you're just trying to build a strawman. Try this on for size.
  
  It is not the fault of Google or Android that manufacturers do not support their devices. Don't like Samsung's device support? Blame Samsung and don't buy Samsung anymore. Don't like LG's device support? Blame LG and don't buy LG anymore. Don't like HTC's device support? Blame HTC and don't buy HTC anymore. I could sit here and list every manufacturer, but I'm sure you get the point by now. Google does not have the same shitty support for the devices they sell directly; their support is actually quite good. That 98% of the population buys from manufacturers that just don't give a shit does not negate that 2% of us have brains and prefer to use them.
  
  Logic fail!
  Wow, most people who make those don't manage to identify them before posting. Good on you.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Unacceptable! by SeaFox · 2015-10-19 13:10 · Score: 1

...plagued by four vulnerabilities that allow attackers to spoof phone numbers, overbill clients, create DoS (Denial of Service) states on the phone and network, and even obtain free data transfers without being charged.

OH NOES! You can hear those carriers leaping into action when they found out that last part.
The link crashes Firefox for me by finlayson · 2015-10-19 17:11 · Score: 1

I wonder if that makes it a 'meta-vulnerability' :-)
To be honest by Anonymous Coward · 2015-10-19 17:33 · Score: 0

I don't know what the fuck you're smoking, but *all* platform updates *regardless of platform* come straight from the OEM, not the carrier.
Another Day, Another Android Exploit by macs4all · 2015-10-20 04:46 · Score: 1

Yes, iOS has had, er, ONE that could maybe have been an Exploit (but likely actually not); but Android has had about a Googolplex (haha) of them.

Why do you think that is? And don't say it's because it is the more popular platform; because that is the epitome of a strawman argument. iOS is PLENTY popular enough to be worth exploiting. So it must be something else.

Perhaps it's because the malware writers know that, on Android, the Exploit will be available on a significant number of handsets for months, even years, while conversely, on iOS, an Exploit will quickly be patched, and the patch quickly rolled-out, to most, if not all, handsets.

Android is a failed experiment as far as distribution of software fixes and updates goes. And don't blame the Carriers and OEMs. Google could put its foot down; but doesn't. Version after version; year after year; exploit after exploit.

Why?