Re: QuadRooter: New Android Vulnerabilities
Not exactly but almost.
A must-have-fartapp claiming it needs only access to the 'noise system' may get all the access it wants with that exploit. |
Re: QuadRooter: New Android Vulnerabilities
Quote:
It does absolutely nothing regarding security. I mean, just look at what most people do to escape the library whitelist: statically link to whatever library they feel like. Security in Sailfish basically comes to the separation between 3 users: root, privileged, and nemo. - Root is "I just bricked your device by accident" level - Privileged is "I can email your address book to china" level. - Nemo is "I can convert your phone into a major spam-sending operations center, break havoc in all your other running applications, including reading their data (since you can ptrace them), but at least you may not be able to easily read the stock sailfish contacts database, and hopefully not brick the device". Curiously enough it seems that all of this was done more to satisfy Exchange requirements than for security/privacy reasons. Applications in the store are limited to the "nemo" level mostly because install scripts are forbidden (thus you cannot run stuff as root during install time, and therefore you cannot set the setuid bit on files). This protection is not extended to random .rpm files. Those immediately get to the "root" level already during install time. I have no idea how much sandboxing is done in AlienDalvik (it is proprietary) but my wild guess is also "none". |
Re: QuadRooter: New Android Vulnerabilities
Quote:
There's still a _huge_ difference between "oh, perhaps this thing deleted all my documents" and "oh, perhaps this thing deleted all my documents, corrupted my word processor so as to silently capture all my future keystrokes and insert random typos and/or menacing insults, backdoor every other program, insert a non-removable piece of itself on my firmware, which will corrupt every future backup disk I insert on my computer while trying to restore my documents (worse: do it silently), propagate itself through my cloud backup systems (if I have any) to my other computers, corrupt any type of version history-like backup system (e.g. time machine) that would have allowed me to undo the actions of the malware, etc. etc. long etc.". Things have not changed that much in the 21st century. Not in this area. It is one thing when malware/an accident can destroy your documents. It is another thing when malware/an accident can destroy your documents, anyone else's, and the operator's backups. |
Re: QuadRooter: New Android Vulnerabilities
So much wrong here...
Can we do anything to to protect device other than not using jolla or android? |
Re: QuadRooter: New Android Vulnerabilities
Quote:
Or to any other system, maybe "not using iOS" also? There is a simple rule that you should follow. Really simple, and it works perfectly; Just-Do-Not-Install-Crap-On-Your-Device. |
Re: QuadRooter: New Android Vulnerabilities
Quote:
|
Re: QuadRooter: New Android Vulnerabilities
Quote:
And good sandboxing that does not reduce all applications to toys due to blocking critical functionality is hard... That's why most "normal" Linux distros accept software to their repositories in a source form only & require it to built on the distro managed infrastructure. While this is also not foolproof (you would have to read & audit the complete source code of all the software you accept to be 100% sure), it's still much better than accepting random binaries. Quote:
|
Re: QuadRooter: New Android Vulnerabilities
use N3315 and your data safe, your contacts safe, win win solution.
|
Re: QuadRooter: New Android Vulnerabilities
I've halfway been expecting chipset exploits for quite a while. Exciting times we live in...
|
Re: QuadRooter: New Android Vulnerabilities
not a big issue... you can patch all the vulnerabilities... there's an app that let's you kno if your kernel is vulnerable http://blog.checkpoint.com/2016/08/07/quadrooter/ for android... same link from first post.
next... only owners with ancient OS"s will be really effected... too bad. |
All times are GMT. The time now is 22:40. |
vBulletin® Version 3.8.8