←back to thread

Google confirms Android attacks; no fix for most Samsung users

(www.forbes.com)
208 points mohi-kalantari | 4 comments | 08 Dec 25 16:32 UTC | HN request time: 0.061s | source
Show context
xnx ◴[08 Dec 25 17:09 UTC] No.46194816[source]
No fix yet for Samsung. Being reliant on the hardware manufacturer (or network operator?) for OS updates is the crazy world we live in.
replies(4): >>46194950 #>>46195302 #>>46196592 #>>46197233 #
bigbadfeline ◴[08 Dec 25 17:45 UTC] No.46195302[source]
> Being reliant on the hardware manufacturer (or network operator?) for OS updates is the crazy world we live in.

Being reliant on a single OS permanently nailed to the hardware is no less crazier. I'd like to be able to install another OS on a vulnerable device, it would help tremendously and not only with the security of that specific device.

Now I've got some expensive paperweights that I can't even use as such because every time I see them I have the urge to throw them in the trash can.

Provide a way to unlock the phones and a standard BSP, it should be the law.

replies(4): >>46195806 #>>46196802 #>>46197622 #>>46198025 #
1. GuB-42 ◴[08 Dec 25 21:41 UTC] No.46198025[source]
Just because one layer of the security stack is compromised doesn't turn your device into a paperweight. I know many people who use out-of-support and vulnerable devices and I am not aware of a single one getting pwned by a system exploit, it is always some kind of phishing or scam. This is anecdotal evidence but I couldn't find actual data, as most don't distinguish between malware that rely on system-level vulnerabilities (as in 0-day) and the ones that don't (like fake apps that steal credentials, mine crypto or inject ads). But it is clear that the former are a minority on Android.

If you don't know what to do with it because your security standards are so high, just give it to someone with lower standards then you, or use it for some project that doesn't involve sensitive data. And if security is broken to the core, there is probably some vulnerability you can exploit to root your phone and do whatever you want with it, including installing a custom ROM.

Still, I agree with you on making it mandatory to provide an unlock method, at least for out-of-support phones.

replies(2): >>46198388 #>>46198716 #
2. avadodin ◴[08 Dec 25 22:17 UTC] No.46198388[source]
It's not 1999 anymore. If you get RCEd today as a nobody you don't get a purple gorilla.

Just silently enlisted into a "Residential VPN" and a background script that checks for the SSID "Iranian Research Facility" every time you turn your wifi on for some reason.

3. _factor ◴[08 Dec 25 22:47 UTC] No.46198716[source]
"I've never had someone steal from my car, so the fact that my car lock doesn't work is not a problem."
replies(1): >>46199285 #
4. GuB-42 ◴[08 Dec 25 23:43 UTC] No.46199285[source]
More like: "Every time someone stole from my car, that's because I forgot to lock the door, that the lock can be picked is not a problem".

Sure, a thief may pick your lock, but unless he knows there is something valuable in there, he will probably go find a car the owner forgot to lock, it less effort and there are plenty of them, or he may look for more valuable targets.