Thread: Idea: N900 security update (openssl, browser etc)
View Single Post
wicket's Avatar
wicket is offline wicket
2016-09-16 , 17:44
Posts: 634 | Thanked: 3,266 times | Joined on May 2010 @ Colombia
#30
Originally Posted by Xagoln View Post
Probably the two worst things they could do would be:
  • install ransomware on your phone and encrypt your filesystem
  • install a rootkit on your phone and then silently collect information, hoping you'd log in to a website from which they could garner info, or use your phone in DDOSing, or even record your calls, switch on your webcam, etc
Both programs that MicroB is comprised of (browser and browserd), run as the user user. For the two points above to be possible, a vulnerability would need to be exploited in the kernel or some other software. This may be possible indirectly through some other MircoB exploit, otherwise MicroB itself is completely safe from these.

As has already been mentioned, the main threat comes from MitM attacks but the problem is not only limited to wireless networks. Given these vulnerabilities in MicroB, I'd assume that pretty much all communications including passwords and other sensitive data are being intercepted. Global surveillance programmes have been well documented.
__________________
DebiaN900 - Native Debian on the N900. Deprecated in favour of Maemo Leste.

Maemo Leste for N950 and N9 (currently broken).
Devuan for N950 and N9.

Mobile devices with mainline Linux support - Help needed with documentation.

"Those who do not understand Unix are condemned to reinvent it, poorly." - Henry Spencer
 

The Following 7 Users Say Thank You to wicket For This Useful Post: