Notices


Reply
Thread Tools
Posts: 307 | Thanked: 777 times | Joined on Aug 2013
#1
Hopefully someone with more technical knowledge than me can provide some insight. How secure is an up-to-date N900 currently when you only use the standard applications and maybe occasionally the browsers in the repo?
The N900 hasn't received security updates for a long time now so I am wondering how safe we are and what we can do to protect ourselves.

I basically try to avoid browsing at all or browse for a short period of time and only to sites I trust.
I have easy debian installed, so for 'less trustworthy sites" I can always use a recent version of iceweasel. Easy debian makes use of a chroot so I assume that is intrinsically more secure than using standard maemo apps.
That is only browsing though.. other apps I should avoid or at least be aware of?
 

The Following 3 Users Say Thank You to t-b For This Useful Post:
Community Council | Posts: 528 | Thanked: 724 times | Joined on Sep 2010 @ Mbabane
#2
it's old. what are your needs? it's much better you explain your requirements then you can be told if those are possible or not.
 

The Following User Says Thank You to sicelo For This Useful Post:
Posts: 307 | Thanked: 777 times | Joined on Aug 2013
#3
OK - not sure about my needs because they can change daily but it basically boils down to (next to just using it as a phone) this:

- Maemo platform with the latest (stable CSSU) - how secure is just enabling internet out of the box? What about security updates for libraries? Is
- Browsing (1) - how secure is the default browser or any of the alternatives in the repos
- Browsing (2) - how secure is using easy debian for browsing or other uses (I assume the most secure solution - but I might be totally wrong)

- Other not updated apps that use connections to the internet or bluetooth (e.g. Twitter app - Mail - Facebook - Telegram - emacs)
- I haven't tried it yet, but also interested in using something like modrana

I am just trying to understand what the security risks are - what can happen (worst case) - how to prevent, detect or fix security issues. After understanding the risks one can decide how to continue to use the phone.
I am not paranoid btw
 

The Following 4 Users Say Thank You to t-b For This Useful Post:
Posts: 2,101 | Thanked: 1,928 times | Joined on Sep 2008 @ Berlin, Germany
#4
Just new today http://talk.maemo.org/showpost.php?p...postcount=2217
Including security update for libssl0.9.8
 

The Following 6 Users Say Thank You to michaaa62 For This Useful Post:
Posts: 1,776 | Thanked: 4,132 times | Joined on Feb 2011 @ Germany
#5
Originally Posted by t-b View Post
Hopefully someone with more technical knowledge than me can provide some insight. How secure is an up-to-date N900 currently when you only use the standard applications and maybe occasionally the browsers in the repo?
The N900 hasn't received security updates for a long time now so I am wondering how safe we are and what we can do to protect ourselves.

I basically try to avoid browsing at all or browse for a short period of time and only to sites I trust.
I have easy debian installed, so for 'less trustworthy sites" I can always use a recent version of iceweasel. Easy debian makes use of a chroot so I assume that is intrinsically more secure than using standard maemo apps.
That is only browsing though.. other apps I should avoid or at least be aware of?
At the risk of oversimplying the situation, using your N900 is, in terms of security risks, similar to using any other up-to-date linux. There are basically no Linux-based exploits in the wild. And N900/Maemo being not quite a "standard" Linux some things will be missing which imply that e.g. an exploit requiring bash will fail (because we have busybox), etc.

Note also that chroot has nothing to do with (real) security.

Obviously there are many -- known and unknown -- unpatched bugs and security holes, but for most practical purposes you're safe -- safer than with a modern Windows with an up-to-date antivirus anyway
 

The Following 7 Users Say Thank You to reinob For This Useful Post:
Posts: 114 | Thanked: 235 times | Joined on Dec 2009 @ Helsinki, Finland
#6
I agree with reinob.

The usual reason for writing an exploit for a system is getting economic benefit somehow. N900 is so rare phone that attacker has hard time in getting major money by attacking it. Of course it is possible to hit a jackpot, but I think attacker has better change by attacking ios or android.

Naturally this does not exclude people who write nasty software just out of curiosity, but again, why would they choose nearly six years old system? Naturally generic web page exploits against browsers might hit us, but even them might grind to halt when the browser gives access to underlying system which is alien to the attacker.
 

The Following 5 Users Say Thank You to Tsippaduida For This Useful Post:
Posts: 307 | Thanked: 777 times | Joined on Aug 2013
#7
It is awesome to see a phone as old as the N900 is still maintained and software improved. The CSSU team is doing an amazing job keeping the phone relevant.

Originally Posted by reinob View Post
Obviously there are many -- known and unknown -- unpatched bugs and security holes, but for most practical purposes you're safe -- safer than with a modern Windows with an up-to-date antivirus anyway
This is basically my main concern - there are tons of security holes being regularly patched in my Ubuntu and Debian PC. My N900 may not be the main target but there is still a risk. In some cases I just like the risk to be as low as possible - then I will probably use something like Easy Debian / DebiaN900. Thanks to alleviate at least some of my worries.
 

The Following 2 Users Say Thank You to t-b For This Useful Post:
Reply

Tags
fremantle, maemo 5

Thread Tools

 
Forum Jump


All times are GMT. The time now is 22:10.