Originally posted by aht0
View Post
I mean they can just have an automated update service that looks up on a remote server over http (= easy man-in-the-middle attack) and automatically downloads and installs some apk like xiaomi does (where also a malicious user can just redirect this connection to his own "server" and serve any malware apk instead) https://thehackernews.com/2016/09/xi...-backdoor.html
Knowing their style, it's probably just some debug stuff, or they left in code they use for modems in dongles (that need the ability to read/write internal storage or a SDcard attached to the dongle)
The issue is that if someone else finds similar bugs and can take control of modem, there is no barrier to keep you safe.
While with Purism smartphone they are using modems over USB protocol, which keeps them isolated from the actual system.
Comment