I suppose if we really wanted to treat tech security like public-health science, these guys should have submitted their findings to a peer-reviewed publication before going public with it.
So, anyone know if this affects AOSP based roms or just the stock roms?
The way I read it, this will still affect AOSP and Cyanogenmod releases because the affected binary code (libsec-ril.so) is still used by them.
The replicant page describing the behavior says that it does not work on devices running replicant and (to the best of my reading) the filesystem-access capabilities are built into the driver that the modem communicates with, not into the modem itself (which would be theoretically possible; but require that the modem have access to the memory space, the flash, or both, and onboard processing power sufficient to implement multiple filesystems and avoid potentially messy concurrent-write issues with the primary OS, which assumes that it is the only software with the filesystem mounted).
So, anything running a driver that implements Samsung's modem command set is vulnerable; but the mere presence of a Samsung modem, if running with a sane subset of things-a-modem-should-be-able-to-do, would not be an issue.
Thanks a whole goddamn lot, future, no flying cars and my modem is a rootkit. Any other surprises?
Maybe it's my pre-coffee brain at fault, but I can't find any mention of the Galaxy S4 being affected, but also no mention that it's not affected. A strange omission, given that it's Samsung's flagship phone.
Sorry, which law is it that prohibits public health specialists from reporting preliminary results without peer review? I'm not familiar with it.
The Replicant page lists Galaxy models that were affected, but the S4 is not on there. This article has a picture of the S4 at the top.
I'm not familiar with laws that require peer review for anything, so I'm not sure what you're trying to say here (as opposed to in your editorial, which suggested that peer-review in the health sciences is a good thing, even though not a legal requirement).
So, in plain English… HOW do I get to fix this particular back-door???
Frankly, I think treating technology in such a way would be a good thing. But your comment implies that the authors of the article are incorrect in some fashion and that a peer-reviewed journal would have corrected said errors. Is that what you are saying?
There is no fix except to replace the binary blob(s) delivered by Samsung - at this point it means installing replicant since those haven't been replaced in the other custom ROMs yet either. I'm not sure they can be - at least not easily, since they interact on a low-level proprietary hardware level. Meaning, if you take it out, things will break. I'm not sure things will even run.
It seems the replicant project has rewritten it - or is attempting to reverse-engineer it - and that's when they found these suspect library function titles.
The question to me is if this stuff is accessible, accessible remotely, etc. I'm sure Samsung didn't put this in at the behest of the NSA but I can bet that if they didn't know about it before, they'll be all over it now.
The lesson is, never trust code you can't see.
I'm not saying the article is incorrect in any way, just that if peer review is a good thing and should be the standard one aspires to, then that's exactly what it should be. A lack of peer review doesn't imply anything negative about any particular report, article, paper, or whatever, although it's certainly true that peer review will catch some mistakes and generally raise the quality of publications in terms of their factualness and analytic quality (though it will also keep out some perfectly fine papers that don't meet some standard of newsworthiness or robustness, even if they are true and accurate).
I do think that this illustrates a major problem with a robust implementation of the scientific method in the tech context, though: they move at very different speeds. Peer review and the like takes time and money. And if you want to treat tech like public health, consider the major time and expense of getting FDA approval for drugs: 10 years and a billion dollars isn't uncommon. This might be an extreme example, but try to imagine Cory's beloved startups in Silicon Roundabout being forced to negotiate these sorts of hurdles. These are not considerations that young entrepreneurs want to be forced to go through, especially when they're scrounging pennies and want to get something to the market as quick as possible.
It appears that the S4 might not have been evaluated since it is not one of their target devices at this time.
I would assume that it has the same instruction set in its driver.
As an epidemiologist who has published in both peer review and non-peer review formats I call shenanigans on your comment. Shenanigans I say!
Wait for an official update to be pushed out to you. Since it's all open source and Samsung is better than Apple, I'm sure it'll happen in about 10 days, give or take a few.
Headline is deceptive. It allows for OTA filesystem access - as the "radio" user, which can't access shit.
Except on the Galaxy S (the first one), in which it has root access, and this is a huge security hole.
Did you read the rest?
On other cases, it runs as an unprivileged user that can still access the user's personal data (/sdcard).
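The comments above turn on which user the Samsung RIL daemon runs as: root on the first Galaxy S, the unprivileged "radio" user elsewhere (which can still reach /sdcard). The following is an added triage helper, not code from the thread or from the Replicant project. It parses the output of `adb shell ps` in the classic Android toolbox layout (USER PID PPID VSIZE RSS WCHAN PC S NAME) and reports the user and a rough risk level for the RIL daemon. It assumes the daemon that loads libsec-ril.so is the stock Android `rild` process; the sample ps lines are constructed for illustration.

```python
"""Triage: which user does the RIL daemon (loader of libsec-ril.so) run as?

Added example, not from the thread. Feed it the text of `adb shell ps` from a
device; it returns the RIL daemon's user and a coarse risk rating reflecting
the thread's point: root means modem-driven file access is unrestricted,
"radio" means it is confined but can still reach user data on /sdcard.
"""
from dataclasses import dataclass
from typing import Iterator, Optional, Tuple

# Assumption: the stock Android RIL daemon is /system/bin/rild.
RIL_PROCESS_NAMES = {"/system/bin/rild", "rild"}


@dataclass
class RilTriage:
    user: str
    pid: int
    risk: str
    note: str


def parse_ps(ps_output: str) -> Iterator[Tuple[str, int, str]]:
    """Yield (user, pid, name) from toolbox-style ps output (header skipped).

    Rows carry a one-letter state column before NAME, so NAME is always the
    last whitespace-separated field.
    """
    lines = ps_output.strip().splitlines()
    for line in lines[1:]:
        fields = line.split()
        if len(fields) < 8 or not fields[1].isdigit():
            continue  # malformed or wrapped line; skip rather than guess
        yield fields[0], int(fields[1]), fields[-1]


def classify_rild(ps_output: str) -> Optional[RilTriage]:
    """Locate the RIL daemon and rate the exposure implied by its user."""
    for user, pid, name in parse_ps(ps_output):
        if name not in RIL_PROCESS_NAMES:
            continue
        if user == "root":
            return RilTriage(user, pid, "high",
                             "RIL daemon runs as root: file access via the "
                             "modem command set is unrestricted")
        if user == "radio":
            return RilTriage(user, pid, "medium",
                             "RIL daemon is unprivileged, but can still reach "
                             "user data on /sdcard")
        return RilTriage(user, pid, "unknown",
                         "unexpected user for rild; inspect manually")
    return None  # no RIL daemon in this listing


# Constructed sample listings (not captured from real devices).
SAMPLE_PS_RADIO = """\
USER     PID   PPID  VSIZE  RSS     WCHAN    PC         NAME
root      1     0     640    496   c00bd520 00019fb8 S /init
radio     1234  1     20480  3456  ffffffff 4000f2d4 S /system/bin/rild
app_12    2048  1     98304  12000 ffffffff 4000f2d4 S com.android.browser
"""

SAMPLE_PS_ROOT = """\
USER     PID   PPID  VSIZE  RSS     WCHAN    PC         NAME
root      1     0     640    496   c00bd520 00019fb8 S /init
root      987   1     20480  3456  ffffffff 4000f2d4 S /system/bin/rild
"""

if __name__ == "__main__":
    for label, sample in (("radio", SAMPLE_PS_RADIO), ("root", SAMPLE_PS_ROOT)):
        print(label, classify_rild(sample))
```

On a real device you would pipe `adb shell ps` into `classify_rild`; an empty result means the listing did not contain `rild`, which on a Samsung device is itself worth a second look.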
The lesson is, never trust code you can't see.
I hear ya, but I don't trust "open" code I can see, either.
Well, with the webview bug one could mitigate - don't use the built-in browser or apps you don't trust and don't go to websites you don't trust with your phone (which is actually always good advice.) The fix was also in the next version of Cyanogenmod - so, theoretically, you could update your phone although most people didn't. Google's reaction to this was bad - basically a "meh" - which is why it took so long to fix.
And with the gnuTLS bug I guess it should be: "never trust code you can't see or can't understand." Or, cynically: "never trust code."
I can't see Samsung coming out with a fix for this bug for any existing phone - I guess the upside is that it can only be exploited through the tower (or the fake one someone sets up) so it's difficult (at this point) for any non-governmental actor. Easy for the three-letter organizations though.
The alternative is trusting whatever mega corporation who is trying to sell you units to do right… in secret.
I think I'm going back to a dumb phone.
I'm hoping the Ubuntu phones are better. I'm not very hopeful though.