Apple iPhone 5, Samsung Galaxy S4 Fall to Hackers

[Guest]

Two best-selling smartphones, plus Google's Nexus 4, were quickly broken into at the Mobile Pwn2Own hacking contest.

Apple iPhone 5, Samsung Galaxy S4 Fall to Hackers : Read more

 

[jimmysmitty]

I am not surprised as the apps ask for all kinds of permissions and some don't even need them.

What I find interesting is the iOS hack. Since its a flaw in Webkit, I wonder if this flaw could be used on Safari and Chrome since both browsers use Webkit. If so that means that even on PC or Mac it's not safe.

 

[NightLight]

look how pretty that s4 looks compared to the iphone...

 

[house70]

I also find interesting the fact that Google is offering money to hackers (as prizes) to discover Chrome vulnerabilities. It's a smart tactic and pays off in the long run. If the other "hacked manufacturers" would do the same the Internet would be a much safer place.
My SGS4 had the GE version of the OS, which had been on 4.3 for a long time and will get the 4.4 by the end of the year. No Samsung bloat on it. Of course, it would be nice to see which specific apps were vulnerable, because there is a way to disable these on a phone, even a non-rooted phone.
I always read the permissions required when installing apps, and if something sounds fishy I never allow it to proceed. I've been using Android since the glorious days of Cupcake and never had any malware on any of my phones (TBH, I have never seen personally an infected Android phone, despite the apocalyptic previsions of this or that "expert").

 

[burmese_dude]

Carriers should stop installing $hitwares

 

[jurassic512]

All "crapware" should have the ability to be uninstalled and re-downloaded if desired. Or since unlocked phones are allowed, their should be an option to get a phone crapware free from your provider before you have it in your hands. aka make it optional when you sign up.

 

[guvnaguy]

Were any Windows Phone 8 devices included in this? Curious to see how it compares. Otherwise, my next phone will be a pure version of Android.

 

[ericburnby]

So they never got out of the sandbox on the iPhone but were awarded a significant sum anyway? I would have thought the award would have been relative to the seriousness of the attack.

 

[therealduckofdeath]

@jimmysmitty

Google forked their iteration of Webkit earlier this year and is now using an engine called Blink.

 

[slomo4sho]

So, moral of the story... don't visit potentially malicious sites and don't use stock browsers?

 

[excursion]

Android and IOS may have changed the look of it , but the code usually doesnt change much , if you leave a window open long enough something will eventually come through.

 

[tobalaz]

And this is why I flash a stock Android rom onto my phone and read permissions when I install apps.
Really, there's too much bloatware/ crapware crammed onto our phones that doesn't need to be there.
Flashing clean improves security, performance and battery life.

 

[hoofhearted]

setting -> application manager -> All -> <app from list> -> Disable,Force Stop,uncheck "Show notifications",Clear data

This link has some nice crapware lists (there are probably other lists out there too):
http/forum.xda-developers.com/showthread.php?t=2254143

I just wish there was an Android DeCrapfier app. I'd buy that for a dollar