Samsung Phones Are Spontaneously Texting Users' Photos To Random Contacts Without Their Permission (theverge.com) 111
Some Samsung smartphones are randomly sending pictures from the device to a user's contacts without explicit permission, according to users and media outlets. From a report: Users are complaining about the issue on Reddit and the company's official forums. One user says his phone sent all his photos to his girlfriend. The messages are being sent through Samsung's default texting app Samsung Messages, and the photos are being sent as SMS messages. According to reports, the Messages app does not even show users that files have been sent; many just find out after they get a response from the recipient of the random photos sent to them. Samsung told the news outlet it was aware of the issue and was looking into it.
"Samsung is the best ever at everything!" (Score:1)
Move fast, break things, shoot each other in the f (Score:1, Funny)
How's that agile development coming along?
Re: (Score:3)
How's that agile development coming along?
I assume from this comment you've never gotten an OTA update from your carrier for a Samsung or any other brand. They're months and months between; hardly agile.
Re:Move fast, break things, shoot each other in th (Score:4, Informative)
It's not the release schedule that's Agile, its' the development process...
Re: (Score:1)
It's amazed me that it's called "Agile" when it's the MOST rigid and inflexible process from the developer point of view. The schedule is not allowed to slip by even a single day, ever.
Imagine getting your hair cut. Everything is going well, great haircut, then at the last minute, when she's doing the edges and finishing touches free hand with those electric clippers, you yell "QUICK!!! HURRY UP!!!!1!!!!"
That's like the last day of a sprint. Rush through those last critical details so you can make the s
Re: (Score:2)
The sprint is suppose to let shit slide to the next sprint. That's the whole point of regular mini-releases.
That doesn't help with hard endpoint feature demands by customers, but that's longer-term whole project planning.
Re: (Score:2)
It's not the release schedule that's Agile, its' the development process...
Deployment to production is the last step of an Agile sprint. Otherwise you're doing Agile halfassed.
Re: (Score:2)
Of course, slipping to another sprint is actually not deploying, so the last step is sometimes just a sprint away...
Though around here we see sprints complete, release to production, but of course the 'release' is actually part of the intended release. Parsing the meaning of 'release' is a sport on my team. I'm too optimistic, and usually lose the bet.
Wang pics aplenty!! (Score:3)
A followup question is: How many wang pics were sent out because of this?
Re: (Score:2)
Re: (Score:2)
And to who?
http://www.sandraandwoo.com/20... [sandraandwoo.com]
Re: (Score:3)
A followup question is: How many wang pics were sent out because of this?
Almost as many as chung [wikipedia.org] photos.
Re: (Score:2)
It's possible to activate the various other photo modes by sliding a finger across to the right, then picking the option (Auto, Pro, Panorama, Selective focus, Slow motion, Hyperlapse, Food, Virtual shot, Video collage or Live Broadcast) then pressing the back button. Sometimes that gets activated by accident. I've had my phone switch to front-camera mode simply because of this sensitivity.
Samsung == nope (Score:5, Insightful)
Re: Samsung == nope (Score:2)
Re: (Score:3)
BINGO. Great hardware - SHIT software.
Re: (Score:1)
I couldn't agree more. Had the Nexus 5 for 3 years. Got an LG G5 just as the G6 came out. Forgot how much crap they also install. One year later, after screen burn, gps issues and the vibrate function not working I discovered the android one project. It's like what the Nexus brand used to be. Loving my Nokia 7 plus with no bloat and guaranteed updates for 2+ years. Pixel range is far too overpriced.
Re: (Score:3)
My brother has one that just got the Oreo update (Galaxy S6 I think) and they actually removed a lot of the crapware. I hear they are going to produce a pure Android version of their latest one too.
Seems that after so very long Samsung has realized there is demand for bloat-free phones. I'm currently using a Pixel XL but Samsung hardware is quite attractive (good camera, SD card, wireless charging, replaceable battery, waterproof, USB, headphone jack) so if they do make a pure Android version I'll consider
Re: (Score:1)
I ran LineageOS on a Note II for a long time. it was great. I actually recently passed it to a friend of mine and he is still using it.
Re:No, they are not sent as SMS messages (Score:5, Informative)
It's called MMS...
Re: (Score:2)
But TFS erroneously says SMS.
Because that's what's important here, an article using the wrong acronym. FFS YDA AC
Re: (Score:2)
Re: (Score:3)
I can send several thousand SMS messages this month and it wont cost me a penny.
Each MMS message will cost me 50p. Automatically sending all the images from my phone via MMS to even a single recipient would cost me a three digit sum.
I can imagine for some people you could add a digit with ease.
Re: (Score:2)
A good reason for not keeping all your pictures on your phone.
I download all mine to local storage every couple of months or so and then clean out the phone. One, it frees up phone memory and two, if the phone gets lost or stolen, there's less for the finder to use against me.
Re: (Score:2)
Indeed. However the phone doesn't differentiate between photographs I've taken and things like the book covers for the multiple ebooks I have on it.
Re: (Score:2)
I can send several thousand SMS messages this month and it wont cost me a penny.
Each MMS message will cost me 50p. Automatically sending all the images from my phone via MMS to even a single recipient would cost me a three digit sum.
I can imagine for some people you could add a digit with ease.
Cool, so how do you send an image via SMS and not MMS?
Re: (Score:2)
Base 64 encoding? I haven't tried.
Re: (Score:2)
Re: (Score:2)
Why yes, yes I did. You were nonsensically comparing SMS and MMS costs, and although it would be a pain in the arse, it's significantly cheaper to use SMS.
Re: (Score:2)
Re: (Score:1)
(__*__)
Re: (Score:2)
My point.
Re: (Score:2)
MMS is not SMS. You can tell by looking at the first letters.
It's quite close though!
Re: (Score:2)
1% more likely in Rust (troll?) (Score:5, Informative)
I imagine this is probably a troll, but just in case:
The language chosen would have very, very little effect on this. This is a problem with the overall design of the app.
Rust, like Python, Java, Perl, PHP, VBScript, JavaScript, and most other languages, doesn't lend itself to one very specific type of bug called a buffer overflow. That specific issue is mostly just seen in C. Rust is like most languages in that buffer overflow isn't the bug you have to worry about in Rust (or in Perl, PHP, Python, Java, etc.)
What's different about Rust is a very clever marketing thing they did. They took the fact that most languages, including Rust, don't have buffer overflows and hyped it to Trumpian proportions. In marketing material that would make PT Barnum blush, they exclaimed "Rust is secure because it doesn't have buffer overflows! Write all your software in Rust and you'll never have another bug!" Understand this is analogous to saying "spiders are venomous, don't use spiders. Tigers have no venom! If you use tigers, you never have to worry about venom at all. Buy some tigers from us today so you can be safe!"
The problem then is that newbies who don't understand much about programming *think* they're safe because they're using tigers. No need to be careful with tigers because they aren't venomous. Er, I mean no need to be careful when you're using Rust because it doesn't have buffer overflows. That makes it slightly more dangerous, since a lot of people aren't being as careful as they should, thinking Rust is somehow magic.
I maintain a database of every CVE (security bug) ever reported. Well under 1% of them are buffer overflows, so it's a tiny percentage of problems that Rust protects against.
Roy? Say hi to Siegfried for me (Score:2)
Siegfried & Roy might have thought that, until 2003.
Re: (Score:2)
they're dangerous mostly just because of their size & strength. Temperamentally, a tiger who's born in captivity, raised by humans, and lives a life of pampered indulgence won't end up being fundamentally different from a housecat
So they'll let you know you've stroked them too much by pinning your arm down with claws?
They'll lie down in a 'please play with me' way then bite you?
They'll mock fight with you, using claws to pull your hand towards their mouth while their rear legs kick repeatedly at it?
My cats are lovely but there's a reason tigers aren't common pets.
Re: (Score:2)
get high on catnip
I really don't want to be anywhere near a tiger high on catnip.
A ten pound house cat going mental is one thing, a four hundred pound tiger would be something else.
Debug / unit t could be part of it. Pocket dialing (Score:3)
The app is designed to send messages, to contacts, with pictures attached. Obviously that code didn't appear by accident, it was included because that's the purpose of the app. The question is "why is the app doing its thing without being told by the user?" It's as if it's especially prone to "pocket dialing" (or accidental voice dialing?) for some reason.
> This smells like some debugging function left in accidentally
Specifically, a test script. Unit testing could easily have behavior similar to what was
Re: (Score:2)
What's different about Rust is a very clever marketing thing they did.
No.
They took the fact that most languages, including Rust, don't have buffer overflows
But most languages can't operate in the same spaces as C and C++.
That specific issue is mostly just seen in C.
And C++. And it just so happens that most of the high performance software in the world is written in one of those two languages.
Particularly web browsers (until Rust).
Write all your software in Rust and you'll never have another bug!"
That soun
Don't pretend it's safer than most other languages (Score:2)
> Right so we should neuter everything we use to build the major bits of infrastructure in the world because newbies?
What we should do is not pretend it's any safer than Python, JavaScript, Perl, etc. Most languages don't have the problems that Rust fanbois gloat about. As I said, 99% of all security issues are unrelated to anything Rust does any better, so to pretend that Rust will solve your security problems, or even a significant percentage of security problems, is dishonest.
Re: (Score:2)
You're arguing three silly points. The first is more or less "someone on a forum said something I don't like therefore Rust is crap". Secondly, you're ignoring that the main aim of Rust is the same space as C and C++. And thirdly, you're arguing that all CVEs are equal.
The thing is, most infrastructure is built in C and C++. If there's a CVE in Chrome, it affects 58% of internet users. If there's a CVE in OpenSSL, it affects an *awful* lot of services. Remember heartbleed?
What we should do is not pretend it
Point being Rust is only for building a browser? (Score:2)
You keep talking about web browsers, pointing out that most of them have some C++ code. Is the point you're trying to make "if you're writing a new web browser, consider Rust for the C-ish parts?"
If that's what you're saying, fine, I won't disagree with that.
If someone is building a new web browser, of course they'll use XUL or similar where appropriate, and it makes sense to consider Rust for other parts. (I didn't say use Rust, but considering it as one option is fine.)
> The first is more or less "some
Re: (Score:2)
Is the point you're trying to make "if you're writing a new web browser, consider Rust for the C-ish parts?"
That's literally what Rust was created for.
If someone is building a new web browser, of course they'll use XUL
You what? Firefox abandoned XUL.
and it makes sense to consider Rust for other parts.
Tha that is precisely what Mozilla is doing right now. They're slowly replacing C++ bit with Rust bits.
Not quite. Most of the comments and questions about Rust, here on Slashdot and many other places, either
Re: (Score:2)
Wow!
Write all your software in Rust and you'll never have another bug!"
That sounds like an invented claim.
Ok, maybe.
The problem then is that newbies who don't understand much about programming *think* they're safe because they're using tigers.
Right so we should neuter everything we use to build the major bits of infrastructure in the world because newbies?
This is definitely a an invented claim.
Re: (Score:1)
Correct me if I'm wrong, but I assume this software is written in Java, like many Android apps are. Would using a modern programming language like Rust instead of an older language like Java have prevented a bug like this from happening (assuming it actually is a bug that is being reported by these users) in the first place?
I assure you, bad code can be written in any language.
Re: (Score:2)
You didn't mention "marketing". Not sure how, but with Samsung, it's probably some dumb marketing feature gone awry.
Sharing is caring (Score:4, Funny)
Samsung is just trying to show that it cares by connecting you with your friends.
Bixby (Score:3)
Re: (Score:2)
I blame Bixby, about the worst digital "assistant" I've ever seen. I bet that Bixby is "interpreting" actions or words to do something stupid...
That's probably the answer. They added bixby for marketing reasons, since all the cool kids have digital assistants and they needed one as well. It's just that they can't write decent software. Having had a Samsung phone for doing Android development, I know I'll never get another one because their software is just so bad.
Re: (Score:2)
Re: (Score:1)
The real question is (Score:4, Insightful)
Who gets arrested when it sends out nude selfies from someone under 18? The coders? The CEO of Samsung?
Lawyers love this kind of stuff, lol
Re: (Score:2)
Re: (Score:2)
Hm.
If the person sending it is under 18, I believe the answer is "both." It's kiddie porn, after all.
Now, as an adult, if my phone accidentally sent a dick pic to someone under 18, I suppose I would be charged with some sort of sex crime but the person receiving it would be fine.
Re: (Score:2)
Sadly it would probably be the victim going to jail, because in many jurisdictions merely taking such photos would be a crime.
Re: (Score:2)
By victim you mean the person who made the child pornography. :-)
Yeah I get what you're saying, but the law doesn't understand.
sos, part 2 (Score:1)
Makes Me Laugh (Score:2)
Considering Samsung's ongoing anti-Apple marketing campaign, this just made me laugh.
Whew (Score:2)
Now I have an excuse for sending that pic to the hot chick in accounting. 'twasn't me, it was the phone! Drop that harassment suit already, dammit!
Besides, that's not a bathing suit. It's a tan line.
This is a scenario few of us imagined (Score:2)
at the dawn of the consumer digital age: a world in which combines unprecedented convenience with unprecedented complexity and unpredictability.
For every prior generation convenience, simplicity and predictability were effectively synonymous.
Next-Gen Personal Assistant (Score:2)
Systemic issue of toxic cesspool (Score:2)
Another set of issue is dominance- Learning department and security depart dominate over engineers. Engineers' belongings are checked when they are leaving, and not when they enter the building. If anything i