Project

General

Profile

Actions

Issue #1683

closed

All Replicant versions from 4.0.3 to 4.4.4 are vulnerable to this ransomware (see details)

Added by inge gnue over 8 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Urgent
Category:
Security
Target version:
Start date:
04/26/2016
Due date:
% Done:

0%

Estimated time:
Resolution:
duplicate
Device:
Grant:
Type of work:

Description

https://www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware

"Android device in a lab environment was hit with the ransomware when an advertisement containing hostile Javascript loaded from a Web page."

Actions #1

Updated by inge gnue over 8 years ago

This makes me very concerned about using my Replicant phone at all.

The ideal situation would be an upgrade for all Replicant ports.

So far the only workaround, apart from an upgrade, looks like use of an adblocker or even better a javascript blocker in the browser. That's not to say that the ads couldn't also appear in a non http-browser app hosting ads, but thankfully most F-Droid apps are ad-free.

Actions #2

Updated by inge gnue over 8 years ago

F-Droid currently has a few options:

Privacy Browser - a browser that lets you block javascript, cookies, and DOM storage
Tint Browser + Tint Browser Adblock Addon
AdAway for blocking ads within apps
Adblock Plus for blocking ads within apps
Zirco Browser - web browser with ad blocker

And DO NOT browse the web any other way.

Actions #3

Updated by Wolfgang Wiedmeyer over 7 years ago

  • Status changed from New to Closed
  • Resolution set to duplicate

It would be better if you would at least link to an article that describes the actual vulnerability and provides information about patches. If possible, providing the patches directly or linking to them would be the best way to report a security issue.

Looks like this is about the Towelroot vulnerability which was already discussed in #1047.

Actions

Also available in: Atom PDF