Fearmongering 101: The Case of the Samsung Galaxy Backdoor Exploit
Yesterday, the Free Software Foundation published an article written by Paul Kocialkowski. A software developer for the the Android fork system Replicant, Paul stated that his organization discovered, and later patched, a "backdoor" vulnerability that existed in older Samsung Galaxy devices, including our beloved Galaxy S3s. Only problem is, it's kind of bullshit—but we'll get to that later.The post detailed a program that runs on the device's radio (baseband + modem), potentially allowing for a backdoor that could read, write, and modify system files on the device's storage from the processor. "We discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system"The article went on to state that Replicant had found a way to close the backdoor, which required an installation of their open-sourced Android fork. "Our free replacement for that non-free program does not implement this backdoor. If the modem asks to read or write files, Replicant does not cooperate with it."Hmm...so the fix is to use their software, interesting.
Why It's BullshitThe article and exploit have been effectively debunked, thanks to a tip to XDA from an anonymous security expert. Basically, making this backdoor actually work would "require a modified firmware with with security features disabled".This means that if you've accepted a firmware update in the last year, which you probably have, then you're safe. In addition to that, our devices now run SELinux (a security module in Linux kernels, ie. Android), which all but closes the door on this type of potential attack.
Why Did They Do ItReplicant is a free, fully open-sourced Android distribution, or fork. As such, they take great strides in building ROMs that are indeed open, from their source code to their apps—so much so that they even substitute Google's proprietary apps with open source alternatives. While it may not be great to the average end user, open source apps have been steadily gaining ground, even if most of us will replace them for the more polished, closed sourced versions. But the one area where open source stalls are with proprietary device drivers, causing headaches to devs trying to port things like Bluetooth and LTE functionality. Groups like CyanogenMod use general workarounds to make everything functional, but that's usually at the cost of stability, since OEMs like Samsung will just about always include proprietary code into basic functions.A post like the one written by Paul is great in that it points out security flaws, but this case seemed quite self-serving. Not only did they tout their "fix" and their software, but by calling out Samsung, they hoped to make some waves within the consumer community. If we read the post and get angry enough, enraged emails and tweets to Samsung could elicit a response. But more than that, an uproar can cause the OEM to actually release their code, in this case for the modem/processor, which in turn makes forks like Replicants much more stable, since they can infuse the original code from the manufacturer.But in this case, I wouldn't count on it, or even a response from Samsung. The internet did its job, and we can rest assured that the hit in credibility to Replicant, as well as the Free Software Foundation, will hopefully curb this type of fearmongering sensationalism...hopefully.
Security concept image via Shutterstock
Do you carry cash with you wherever you go? Here are 8 super important reasons why this is always a good idea. Don't forget your cash, or else you'll pay.
This video help to beginner how to use net bus.In this video we showing you how to hack other computer using netbus 1.7 Trojan step by step.This video only for educational purpose not promote crime.
How to Hack with NetBus 1.7 « Internet :: Gadget Hacks
Pr-requisite for installing TWRP Recovery: Remember to keep the following necessities in mind for installing TWRP on your OnePlus 6. Make sure to charge your OnePlus 6 fully. so that it does not make any hindrance in the process later on. Use only a certifies USB Cable by the manufacturer. Also, unlock the bootloader on the OnePlus 6.
How to Unlock the Bootloader on Your OnePlus 5 or 5T
In order to access any regional Netflix site you need to use a Proxy Provider to bypass country restrictions. We recommend Unblock-Us Smart VPN. The set up is easy and takes only minutes to configure your Router, TV, computer, and virtually any device you have.
How to Watch US Netflix in Canada - How to Watch
The Easiest Way to Back Up, Restore, & Sync Files - HTC One
Star Trek 1966 TV-PG 3 Seasons Alien Sci-Fi Led by unflappable Capt. Kirk, the crew of the starship Enterprise delves deep into the far reaches of space to explore new worlds and civilizations.
Star Trek: The Original Series - Wikipedia
Related. How to make firefox load youtube automatically when clicking open in new tab; Since I had to mess with content blocking yesterday - I can no longer play videos anywhere.
Can't Watch Youtube Videos on Firefox Fix - YouTube
Facebook may connect millions of its users to each other with its messenger service, but it can also make it very difficult to avoid those annoying "friends.". The problem is, when you use the default Facebook Messenger app, you get the added bonus of a timestamp added to messages that you have seen.
How to read messages and remain Undetected on Facebook Chat
Close All Chrome Tabs Simultaneously on Any Android or iOS Device [How-To] I'll be showing you how close all your Chrome tabs at once. We'll go over how to do so on Android & iOS smartphones
How to Close All Open Tabs at Once in Chrome for Android
FAQ for Samsung Phone & Tablet. Find more about 'How do I change or hide notifications on my Samsung Galaxy Note5 lock screen?' with Samsung Support.
How to hide sensitive content from Galaxy Note 9 lock screen
We show you exactly how to unblock someone on Facebook, step by step. do is open the Facebook app you have on your Android device. is that once you unblock someone, you can't block him
How to unblock an Application? - Microsoft Community
0 comments:
Post a Comment