08-06-2015 12:20 PM
@RogersAsif wrote:Hello Community
Our customers’ security is a top priority. We are aware of this potential vulnerability and are working with our device manufacturer partners to ensure our customers are protected.
As a work around we are recommending users to disable the auto-playing feature for MMS messages on their device for their Text Messaging Apps (includes built in text messaging app that came with the device, Google Hangouts or any 3rd party messaging app you may use). To do this:
- Go to App Settings
- Disable ‘Auto-retrieve’ for MMS messages in the Messaging app's settings.
*Settings may vary
RogersAsif
Wasn't that patched in yesturday's OG2 OTA? I didn't see anything specific in the changelog about stagefright. All I can say is OG2 made ram management on my phone a lot better, also it runs cooler and the battery life seems to be better sa well.
08-06-2015 11:08 PM
"Again i haven't seen this go public at all so not many are aware of this and most likely isn't a big issue if it hasn't been made public or Rogers hasn't said much about it. "
Remember that you said that...
http://www.androidcentral.com/stagefright
http://gizmodo.com/another-android-bug-that-lets-hackers-control-your-phon-1722542783
http://fortune.com/2015/08/06/google-stagefright-bug-fix-android/
http://www.zdnet.com/article/after-stagefright-samsung-and-lg-join-google-with-monthly-android-patch...
http://www.theverge.com/2015/8/5/9099627/google-stagefright-android-vulnerability-protect-patch
http://www.theguardian.com/technology/2015/aug/06/google-stagefright-megabug-patch-nexus-phones-sams...
http://www.pcmag.com/article2/0,2817,2489162,00.asp
http://www.forbes.com/sites/thomasbrewster/2015/07/30/stagefright-vulnerabilties-ready-for-testing/
https://www.eff.org/deeplinks/2015/07/horror-horror-stagefright-androids-heart-darkness
http://www.wired.com/2015/08/google-samsung-lg-roll-regular-android-security-updates/
http://global.samsungtomorrow.com/samsung-announces-an-android-security-update-process-to-ensure-tim...
My question is, will Rogers be making this patch available to ALL of their customers? I have an older model smartphone, the original note SGH-i717, and am already passed over for firmware updates. Is this going to be more of the same?
Sprint and AT&T have already rolled out security updates, and Telus was on the ball and notifying their customers six days ago, roughly around the same time you posted your first two ludicrous statements:
http://forum.telus.com/thread/54211/category/top/board/Mobility/android-s-stagefright-vulnerability
08-06-2015 11:30 PM
I think this is Samsung's call. As of what I understood, they will partner up with carriers to push security updates without going through carrier verification process that takes SOOOO LONG!! I'm pretty sure they will update all devices since the S3, but if they don't it doesn't really matter because you just have to turn off MMS Auto-Retrieve and thats it, the big bad wolf "Stagefright" is neutralized just like that. I know it's a major flaw, but the fix is so simple and anybody can do it. Social media made such a big fuss over nothing really, thanks to Zimperium for finding the exploit and telling the right people before this got in the wrong hands. Reming me of the Heartbleed, the internet exploit that would be so devastating it would change how we surf, 24 hours later, most websites had the exploit patched and nothing bad really happened.
Now, Apple has a situation on their hand over official applications being injected with malicious code that could pretty much forward all communication including keylogs, sms, phone calls, bank information and much more to hackers that are just waiting for the right naive victime...now thats a problem because it's happening right now.
08-07-2015 03:47 PM
Hey everyone,
Check out our Stagefright update here: http://communityforums.rogers.com/t5/forums/forumtopicpage/board-id/Android/thread-id/32172
RogersDarrell
08-11-2015 10:24 AM
08-13-2015 02:27 PM
@RogersDarrell Perhaps a text notification should be sent out to all devices? It's come to light that the previous patches sent out do not completely fix the issue. This is a major security issue any many people, most likely including your customers, don't know about it. Is Rogers not commited to the security of their customers' devices? Would it be that much of a pain to let them all know?
08-13-2015 04:32 PM
Not all devices or Android versions are affected. Rogers would raise a lot of unwarranted concerns by blasting everybody. Just Google to find out if your device is vulnerable.
08-13-2015 06:09 PM
08-14-2015 06:59 AM
Hello eveyone
As of this morning the Note 4 got the update for the Stagefright and a couple of other little twicks and such.
08-14-2015 11:47 AM