Which you can detect because the machine lets you in because you have the rights.
Cf. the Apple, where privilege escalations exist too, some are even actively exploited, but you cannot even run a tcpdump on the device.
What you cannot see can still be there.
Name a privilege escalation malware that affected unjailbroken Apple devices running the most currently updated version of iOS at the time.
Compare that to how common malware is in Android devices.
The comparison isnât even close. Android is infamous for dodgy malware running on devices (which are usually running old, unmatched versions of Android with know zero days).
Hell, I have one word for you: Stagefright
Easily the worst security vuln in android history and, knowing some devs at my work who had to patch code for it that we used on Android, a really badly written library that everyone got from Google and had on their device.
Quick lookup found this:
âJailbreaking not a requirement for infecting iPhones with Hacking Team spywareâ
https://blog.lookout.com/blog/2015/07/10/hacking-team/
I did not actually encounter any in the wild. The closest was some popup annoyance that ran in its own sandbox and thanks to root I was able to find what process it was.
âŚand I can block ads with ease, speaking of annoyances.
August 3, 2015, Cyanogenmod nightly is already patched.
August 5, 2015, bug is publicly disclosed.
Notice the word âfirstâ and then compare it with the hundreds or thousands of known Android attacks.
Yes, Cyanogenmod patches Stagefright after they knew about it. Did you look at how long it existed in android code before that date? This isnât an attack that existed for a month or two and was then fixed.
Complain all you want about Appleâs locked down platform but it avoids most of the security problems that plague android. If you want to live with that, be my guest, but almost all of the security people I know donât run Android anymore for a reason and that is the world of my work so I know quite a few.
How much of that is because of users not knowing better? How much is social engineering instead of an actual technical vulnerability?
I refuse to let a faceless bureaucrat/manager dictate to what I can or can not do, double so when it is on my own property. If the cost is some additional vigilance, itâs still a bargain.
Itâs like with a meds cabinet. On one of my travels I bought what amounts to about twenty lethal doses of menthol. (Put a crystal to hot tea, and the vapors will clean your sinuses pretty effectively.) It was a ripoff (I could buy the off the shelf product way cheaper from China) but still very cost-effective if compared with off-the-shelf safe-and-approved meds with the same active principle. I know I should not eat it with a spoon.
Why not give people the power they shouldnât have been denied and let Darwin sort it out?
We arenât denied power. If we want the power, we would have bought a different machine. Stop trying to fucking save us from ourselves. We are a blip on your radar and the ONLY reason you know about us is that our products actually work, we are happy with them, and we donât talk about other devices. I NEVER hear of Apple fans degrading other devicesâŚwe are GLAD you get the machines you want. We donât want them, but bully for you that you do.
Today:
You are. Afraid to take it? Afraid of the risk that comes with the power? Afraid of even the temptation of power that comes from the mere availability of the option of having it?
This sentence rebuts your previous sentence.
You are doing it wrong. Your behavior, and double so your defense of it, is giving a wrong example and normalize corporate slavery. The message that it is a good idea has to be stopped or at least countered.
Your crap does not let me in by design when I am the rightful owner. Therefore it DOES NOT WORK WELL.
Silent envy, perhaps? See the Samsung ad that beautifully spoofed this.
It takes some effort to find out if a given model has unlocked bootloader, and multiply it many times when youâre looking for a new phone. People donât ask for the info. Therefore vendors arenât providing the information readily and one has to dig.
Same goes for all other classes of information. If you want a capability list for a stupid webcam, good luck finding the technical data. You have to divine from fragments of whatever some third parties publish. Would it really hurt so much to at least dump the USB descriptors to the technical data section of the vendorsâ or at least the manufacturersâ web? Itâs about as easy as it can be, just copypaste the outputs of a few utilities. Why this is not a norm?
This topic was automatically closed after 5 days. New replies are no longer allowed.
