Major Qualcomm chip security flaws expose 900M Android users

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,329
Location
I am omnipresent
Website
s-laker.org
#2
Android is an open system running on relatively open hardware that's largely manufactured by the lowest bidder in a country with a monolithic security apparatus. There are going to be exploitable flaws everywhere. You could probably flash Ubuntu or NetBSD onto your phone but you'd be giving up minor conveniences like LTE and most of the cloud functionality.

Or maybe just don't do sensitive things on your phone.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
#3
Or maybe just don't do sensitive things on your phone.
This is the approach I take.

What's worrying is that even on the desktop, repeated vulnerabilities are found with https, and internet financial transactions are something that will be extremely difficult but not impossible to live without.
 

MaxBurn

Storage Is My Life
Joined
Jan 20, 2004
Messages
3,243
Location
SC
#4
This vuln is way overblown. To activate it you need to sideload an app and disable google app verification. Things you probably should be doing unless you really trust where you got that app from.

The only android vuln that worried me was stagfright but it's fixed. At least on Nexus and other devices that are getting the monthly updates. If you care about security Nexus is the place to be.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,329
Location
I am omnipresent
Website
s-laker.org
#5
... unless you like removable batteries and card readers.
LG delivered the Android M update for my phone on midnight, January 1st, 2016. Sprint made it available immediately. I've continued to get OS updates from LG in a timely fashion. I know Samsung abandons hardware at the drop of a hat but so far I can't complain about LG.
 

MaxBurn

Storage Is My Life
Joined
Jan 20, 2004
Messages
3,243
Location
SC
#6
... unless you like removable batteries and card readers. ~
That's a concern but for me it's mitigated once the battery is big enough and the phone is available with enough memory (6P/64gb). Now that google is pushing monthly updates I think we are seeing who is going to put the effort in to keep up to date and shame those that don't. Google knows that many won't so that's why they made the patch level visible in about phone, and if a manufacturer is hiding that we know it's not good news. I think it was motorola that recently came right out and said they can't do monthly. Blackberry has been surprisingly good on their android handsets, beating the nexus releases. I'd be happy with a phone consistently released the patch inside a month or two.

No software is perfect and these are not appliances so I'm looking at which devices are consistently getting updates. So far it's really just Nexus, Blackberry (but their android hasn't been around for long) and a handful of select flagship phones.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
#7

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,329
Location
I am omnipresent
Website
s-laker.org
#8
I don't think there's such a thing as a big enough battery. Maybe if it lasted a week or something. I find that I can go two days without charging if I ignore the fact that I have my phone, but if I'm shooting video I'm only going to get ~4 hours out of it no matter what I do. And I'd rather pause and slap in a new battery than be tethered to an external battery or giant clunky battery charging case.

Storage? Again, no such thing as too much. My phone has a 200GB card in it. I'm "only" using about 2/3 of that, but as a device I know I'll always have with me, it's definitely a useful place to put things.
 

MaxBurn

Storage Is My Life
Joined
Jan 20, 2004
Messages
3,243
Location
SC
#9
Check out copperhead supported devices list, Google isn't doing too bad IMO when they enable things like this to exist. I'd return to iOS if security was the highest priority for me but it's about trade-offs and I also like flexibility. I'm really only against the vendors/carriers that are patently against updates.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,329
Location
I am omnipresent
Website
s-laker.org
#11
Ironic that Google is "enabling" guys like copperhead instead of fixing the problem themselves.
It's an architecture thing. Google wraps a lot of stuff in to the Play Services Framework, which can be updated on everything even going back to Android 3 or 4. That's really the important part of the OS (and if you don't believe me, try using an AOSP device without Play or Amazon Services). The rest is open hardware. Google doesn't really know what anyone is doing with their OS and since they allow stuff like different launchers and keyboards, it can't really be responsible for those things. If it gave those things up, we'd just have another iOS or Windows mobile.
 

LunarMist

I can't believe I'm a
Joined
Feb 1, 2003
Messages
14,939
Location
USA
#12
Android is an open system running on relatively open hardware that's largely manufactured by the lowest bidder in a country with a monolithic security apparatus. There are going to be exploitable flaws everywhere. You could probably flash Ubuntu or NetBSD onto your phone but you'd be giving up minor conveniences like LTE and most of the cloud functionality.

Or maybe just don't do sensitive things on your phone.
That last part is the best policy.
 

LunarMist

I can't believe I'm a
Joined
Feb 1, 2003
Messages
14,939
Location
USA
#13
I don't think there's such a thing as a big enough battery. Maybe if it lasted a week or something. I find that I can go two days without charging if I ignore the fact that I have my phone, but if I'm shooting video I'm only going to get ~4 hours out of it no matter what I do. And I'd rather pause and slap in a new battery than be tethered to an external battery or giant clunky battery charging case.

Storage? Again, no such thing as too much. My phone has a 200GB card in it. I'm "only" using about 2/3 of that, but as a device I know I'll always have with me, it's definitely a useful place to put things.
Maybe you use the phone too much overall. There are also better choices for shooting hours of video. :)
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,329
Location
I am omnipresent
Website
s-laker.org
#16
The ergonomics alone of shooting 4 hours of video with a phone just buggers the mind. Do you have some special mount or robot arms? ;)
I put my phone on a short lanyard that falls around my sternum. I walk around the entrance to a comic book convention. I've never done four full hours of video but I've done more than two several times and I could see going longer if I didn't want to go do other things. Even two hours of video recording has a pretty serious deleterious effect on my battery though.
 

LunarMist

I can't believe I'm a
Joined
Feb 1, 2003
Messages
14,939
Location
USA
#17
I put my phone on a short lanyard that falls around my sternum. I walk around the entrance to a comic book convention. I've never done four full hours of video but I've done more than two several times and I could see going longer if I didn't want to go do other things. Even two hours of video recording has a pretty serious deleterious effect on my battery though.
Ordinarily that would be kind of creepy, but I suppose not unusual at such a venue. Without stabilization isn't the video nauseating, or do you just stand in one place?
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,329
Location
I am omnipresent
Website
s-laker.org
#18
It's not out of place. Lots of people have cameras out. If you're looking at someone's 500 hour labor of love costume, it's something they want others to see.
When I see something important. I stop, stand still and move carefully. Most of what I'm recording will just get cut regardless.
 
Top