Replicant Developers Find Backdoor In Android Samsung Galaxy Devices


  • #11
    Originally posted by dalingrin
    I'm sure this will be pulled now that they know of the backdoor.
    I doubt they'll be able to remove it, otherwise they're going to break functionality. The wiki page about the backdoor provides a solution though:

    "Alternatively, the kernel could block the incriminated RFS requests and keep a trace of them in the logs for the record. That option would work for CyanogenMod, where the incriminated proprietary blob is still used."


    • #12
      NSA back door maybe!

      I really doubt this is an accident.


      • #13
        Originally posted by HeavensRevenge
        Even if it is a backdoor, the point of open source is that the hole/vulnerability was able to be found, and can now be fixed and plugged.
        Don't get too wrapped up in the supposed open source superiority here. Open Source just makes it easier for people to analyze the code for ways to exploit it.
        This is one of the primary reasons why open source is superior vs. closed source binary blobs since if such a hole is found, it'll get fixed, instead of aiming for security by obscurity and having the hole never be found but only exploited in secrecy.
        In all likelihood this hole will be replaced by another. I really doubt this is an accident.


        • #14
          Originally posted by wizard69
          Don't get too wrapped up in the supposed open source superiority here. Open Source just makes it easier for people to analyze the code for ways to exploit it.


          In all likelihood this hole will be replaced by another. I really doubt this is an accident.


          WTF!!!!!! If it was like that, then Linux and its high priority targets (users), would have experienced the same thing as with Windows by now. But free software isn't broken till today, even if it is a high priority target and it will not be even if it gains more popularity. If they didn't succeed to break it today they will never be.


          • #15
            Originally posted by wizard69
            I really doubt this is an accident.
            A year ago I might have thought otherwise, but with today's knowledge... "accident", yeah no. Inb4 "oh this was a leftover from internal testing blabla, service function blabla, we value our customers blabla".


            • #16
              This sort of thing is why I don't have a smartphone

              Smartphones are usually sold directly by telecoms, which can make money by spying on users and selling the data. As a result, all closed software and firmware that arrives on a device shipped by a telecom, or normally shipped to a telecom, must be presumed malicious from the start. It can be replaced, and that will stop a hell of a lot of the spying but it does not make the device trustworthy.

              This is not the first time this has happened, nor will it be the last. Remember Carrier IQ? How about all that iOS spyware that kept a database of user positions? When the whole OS is shipped by a carrier or by a company whose main market is the carrier, it is trivial to drop in binaries or bugs that can only be found by analyzing their behavior. Since they've been caught before and gotten away with it, they will now remove this backdoor and insert another. The hardware can't be trusted either as the main market for it is to the telcos to sell in their stores.

              A smartphone normally sold retail by the telcos or normally wholesaled to them I put in the same category as an encrypted computer seized in a police raid only to be returned: presumed malicious at the hardware, firmware, and software levels. I would throw such a machine away presuming it to be bugged by someone whose ability to plant code and hardware exceeds my own ability to find them.


              • #17
                Luckily, I haven't seen people be anti-oss here, but the reason this security hole was found, was because of the Reverse Engineering efforts Replicant puts in to supply us with an opensource RIL-library. If it were opensource from the start, this would have been discovered years ago and fixed years ago. Now, it's unfixable. It's replaceable by Replicant's free-ril library, but a little work might still be needed there and CyanogenMod has to pick it up and start using it in their trees.

                For provider supplied or manufacturer supplied, there is little hope. Maybe one day. But not just yet.


                • #18
                  People with no ideological or philosophical sensitivities need not worry.
                  Their phones will appear to function just as perfectly with or without the backdoor.


                  • #19
                    Originally posted by achaios
                    People with no ideological or philosophical sensitivities need not worry.
                    Their phones will appear to function just as perfectly with or without the backdoor.
                    You mean idiots who don't care about their safeness and privacy, don't you? Give me your passwords and don't worry, be happy, because you're not ideologically or philosophically sensitive. You're an idiot. Btw. this clearly shows how superior Open Source software is compared to proprietary.


                    • #20
                      Originally posted by wizard69
                      Don't get too wrapped up in the supposed open source superiority here. Open Source just makes it easier for people to analyze the code for ways to exploit it.
                      Mmmyeah, you keep telling yourself that...
