According to The Register (http://www.theregister.co.uk/2011/05/16/android_impersonation_attacks/), versions before Android 2.3.4 are easily compromised. If Verizon fails to cure this issue I believe we have grounds for them to replace our phones at no charge - or a class action suit will follow.
VZW - you must cure this security hole.
Massive? That's a bit over the top. Compromised? Not the device itself, but potentially sensitive information (ex. credentials). Replace phones at no cost or class action lawsuit? Seriously?
It's only a potential issue over unsecured Wi-Fi, which is by its very nature insecure.
See info on this thread:
http://community.vzw.com/t5/Android-Discussions/Android-Exploit-Credential-Theft/td-p/531492
Let's make it very clear. I got this phone and am stuck with a 2 year contract which does not expire for a few months. Which means I can't get a new phone without paying through the nose.
If they want to hold me to my contract, then they need to support the device. The device does not require a secure WiFi connection. The operating system holes make operating the phone AS IT WAS DESIGNED unsafe to your personal information.
Therefore, Verizon may be legally required to fix this. In any event, they should either fix it or provide a heavily discounted replacement (perhaps free is too much - but not at the contract rate and no early change fee, below that). If my user data is compromised by their failure to update or replace my device, and I find that others are having the same issue, I will likely start organizing a class action suit.
jltreads wrote: Let's make it very clear. I got this phone and am stuck with a 2 year contract which does not expire for a few months. Which means I can't get a new phone without paying through the nose. If they want to hold me to my contract, then they need to support the device. The device does not require a secure WiFi connection. The operating system holes make operating the phone AS IT WAS DESIGNED unsafe to your personal information. Therefore, Verizon may be legally required to fix this. In any event, they should either fix it or provide a heavily discounted replacement (perhaps free is too much - but not at the contract rate and no early change fee, below that). If my user data is compromised by their failure to update or replace my device, and I find that others are having the same issue, I will likely start organizing a class action suit.
What about desktop computers? laptop computers? routers? Anything that uses wifi? Can you name ANYTHING that REQUIRES a secure wifi signal? You should also include Cisco, Linksys, Netgear, HP, Apple, Dell, Gateway, etc... in your class action. I can see some big $$$$$$$ in your future.
It is your choice whether to use an unsecured wifi signal. You only have yourself to blame if you do so.
Wow - talk about not getting it. If Verizon sold me my laptop on a monthly plan with a two year contract and refused to certify and distribute the latest security patches for Windows 7, you bet your **bleep** I'd sue them for breach of contract. Today it is not acceptable to say "you have to pay me for 2 years for the right to own this phone but I'll stop supporting you any time, kay?"
Oh, and this issue does not affect iPhones, Laptops or Routers. Only Android pre 2.3.3. My phone is now less functional. A key feature (open WiFi connectivity) that was included when I bought it no longer works without a security breach that resulted from a poor implementation of a standard authentication model.
All I want is my phone to run the latest version of Android. It is an Android phone, after all. iPhones all run the latest release, it makes no sense to effectively EOL device support 14 months after I got the phone.
So, if I can find others in the same boat perhaps we'll request status as a class and pursue damages. How many Android phones that are not updated to 2.3.3 were purchased? That's a whole lotta liability...