Related
There is a simple solution to that all of this problem that anyone can use. This will effectively circumvent any legal issues and keep rom updates relatively simple.
1st Problem- A developer cannot distribute Google closed source aps.. This however does not prohibit legitimate users from holding a backup copy. (Fair Use protects the end user of this). If this were not so you could not have over the air backups on your phone, (update.zip)
2nd Continual updates of closed source google apps--- The updates provided by google will be pushed to us legitimately (hence always an approved up to date source for the closed source apps for our liscenced personal devices)
Solution--
-A rom cooker simply needs to build the rom with the applications in place, test as if a complete distribution and right before packaging pull the APKs that are closed source (the Rom does not have to be functional without them.
-The user simply downloads the rom as a "kitchen" places their apk files in a folder in the kitchen.. A provided script or simple program can be put in the kitchen to add these programs back into the package in their proper locations and resign. The output saved into a folder in the kitchen and boom functional rom
---This keeps the letter of the law and spirit, and since the developer is not distributing their code they are safe because they are only distributing android open code, but since YOU hold a legitimate ROM backup provided BY Google for YOUR liscenced device you can simply place such files in the provided folder. Run script and you are done. This program would be simple to create or scripted. File version would have to be simply pre agreed upon in the post much as some developers suggest a radio version with their roms.
--If you dont have a copy or dont hold the knowledge to extract them, then I am sure some kind souls would have accidentally placed them on rapid share for your backup enjoyment... (Liability is not on developers)
I took a screen shot of what I see as a possibility, I would make the application but I am not a ROM developer and these guys clearly have some headway on me....
Look at the picture attached....
By the way this would be legal and not infringe on the law. Since the developer is only providing a "blue print for a possible rom"
Interesting...I'm not a dev...but it seems it could possibly work.
Good idea, I was literally thinking the same thing. It could definitely work.
It would be simple enough.... very simple... Unfortunatly by the time I lay done the first line of code somebody here will have created 10 versions of this.. LOL I am rusty in programming.. Which for something so simple would probably not be needed.
it would definitely make sure that people had to step it up and learn more. I'm totally down for anything that makes people smarter!
I prefer a method such as this over the creation of replacement apps for the google suite (for the short term anyways..).l
http://twitter.com/cyanogen/status/4384352484
If a person can root their phone, or even copy their rom file to the phone then they already have more than enough skill to do a simple drag and drop and a double click... but then again I have been surprised (scared) many times by the average intellect of most people.
Mismatching is definately a problem but not one without a solution. Again some of this will have to be a little sneaky at first. But this is for a few apks. True they are intertwined in the os. Thats why a standard has to be followed for this...
It will make rom development a little more regid but still very much doable. The apks/odexs would have to be controlled a certain way but this is not out of the real of possibility... The roms would come at a slower pace for sure..
afbcamaro said:
Mismatching is definately a problem but not one without a solution. Again some of this will have to be a little sneaky at first. But this is for a few apks. True they are intertwined in the os. Thats why a standard has to be followed for this...
It will make rom development a little more regid but still very much doable. The apks/odexs would have to be controlled a certain way but this is not out of the real of possibility... The roms would come at a slower pace for sure..
Click to expand...
Click to collapse
The new, improved fix_permissions script available in this forum will fix all the mismatching and do the odexing. Perhaps a few lines of code added to the beginning of that (OS) script could transfer the Google apps from their storage spot into the newly installed CMUpdate. Just store backups of the necessary apps on the phone, install the new update, run the script that reinstalls the Google apps, fix permissions and Odex, and re-boot into your new ROM. It looks pretty straight-forward to me.
I am sure that in the beginning it will be complicated with multi steps, but soon there will be an auto-update ap that will do the lot!
Are there going to be compatability issues, even we will end up wiping everytime we get a new rom + closed apps in?
This is so stupid. Can anyone "outside US" take over the roms so we can move on unaffected, as it is happening with everything else in the net that they try to close/block/control?
zaqwsxzaqwsx said:
I am sure that in the beginning it will be complicated with multi steps, but soon there will be an auto-update ap that will do the lot!
Are there going to be compatability issues, even we will end up wiping everytime we get a new rom + closed apps in?
This is so stupid. Can anyone "outside US" take over the roms so we can move on unaffected, as it is happening with everything else in the net that they try to close/block/control?
Click to expand...
Click to collapse
that sounds good?!
Ok, so if they like the work Cyanogen has done, but they have problems with his distribution of certain elements, maybe he just needs to TALK to them and see what can be done. You cant tell me that they don't see the following, and publicity that his roms draw. That is advertising, and companies pay BIG Bucks for good advertising. They need to C.Y.A on their end, but I bet they woulds be happy to tell him what he can do to comply. Anything "gray area" that is done with the roms to come will certainly bring back the lawyer talk, so why not see what they have for ideas.
There's also the problem that software backup is NOT covered under Fair Use, which you can read about Here http://www.copyright.gov/title17/92chap1.html#107
There's also
http://www.copyright.gov/help/faq/faq-digital.html
That's an interesting read, specifically
It is also important to check the terms of sale or license agreement of the original copy of software in case any special conditions have been put in place by the copyright owner that might affect your ability or right under section 117 to make a backup copy. There is no other provision in the Copyright Act that specifically authorizes the making of backup copies of works other than computer programs even if those works are distributed as digital copies.
Click to expand...
Click to collapse
And out of the Google Market TOS(First one I found)
Section 3.5
Unless you have been specifically permitted to do so in a separate agreement with Google, you agree that you will not reproduce, duplicate, copy, sell, trade, or resell the Market for any purpose.
Click to expand...
Click to collapse
Our best bet is to convince Google to give Cyanogen a licence providing he takes certain actions to make sure end user has a licence, such as having Cyanogen updater only run on MyTouch, Hero and G1. Or get Google to give us these apps in push fashion after initial setup.
ohwut said:
Our best bet is to convince Google to give Cyanogen a licence providing he takes certain actions to make sure end user has a licence, such as having Cyanogen updater only run on MyTouch, Hero and G1. Or get Google to give us these apps in push fashion after initial setup.
Click to expand...
Click to collapse
Pretty much what I was leaning towards- there IS a way, it is a matter of figuring out what will make them happy. If it benefits them, and helps us it's a win-win
btw, greetings from Gresham Small world
What I would do is simple just get the dev to not include the google apps and add a standalone app which will then once on ur pc push your backup google apps back into the rom zzip and sign and voila. Simples
I really doubt google will attack anyone for holding copies on ur pc. How can they find out without invasion of privacy
Look any script that anyone compiles will be viewed as warez.
What you need to do is use existing apps. But installing and backing up should be done at the User level. Writing instructions on how to backup and reinstall applications will in no way violate Google agreement at the Dev level. It would however violate it at the User level. And even at that level it is not real clear as you are just using what was entitled to you at the purchase of the phone. You can technically go after Google for violating their end of the deal and not allowing you to use the content on the device.
They dont know how these apps ended up back on your phone they have no case.
And lets face it technically installing a custom rom is violation of the T-Mobile agreement in its self. Using the Tether app is violation of it also. So no matter what people are breaking the law as it is.
A script can not violate the law in this case. The user using it for illegal purposes can be.. but let's be honest most of the ground these coorporations use for infringement are in murky waters and can be defended with a pathetic lawyer, especially a user... most of us break the law with or without knowing it one or twice a year maybe more. Microsoft doesn't go after a user because it will do them more harm than good. A crime right that profiteers from this they will go after. Google has to prove monetary loss due to you action and with a user it will fall under to minor to show up on the radar. A lot of people are more afraid of these companies than they should be.... microsoft has taken action in the past with windows mobile.. xda could not host the roms... so they went to private host like rapidshare... whay they would have to do in order to go after a user cost more than is worth especially something that they know is shaky ground.... I would dare develop and host them offsite. We are trully making it much bigger than it is by being so fearful to come up with solutions. We are convincing outselves that every action to circumvent this is illegal as well
If google just made all of these apps available on the market it would solve the problem.
Then we could still have custom ROM's minus the propitiatory apps, then we could just install them from the market.
As long as the source already included all the dependency's I don't see how this would not work. There apps are free anyway and we would be getting them from the market, an "official" distributor of said apps.
Win win for everyone.
The market is not one of the propitiatory apps is it? Because that would kinda **** up my master plan here.
HOLY CRAP, i just had a realization... if Cyanogen could obtain a lisence from google, then we could probably put roms in SAM or even the market and just update or have an updater app that could save your homescreen and your google sign-in and other user data.... even have a rooting app on there
this could be a new step towards a more open android putting root and custom roms in the hands of regular users and then if that happens i think android would become truly great then we would surpass the iphone on so many levels not just the developer/flasher level, but on the reggy consumer level
I wrote this On Xperia Neo General forum but it belongs to here much more.
Original thread at: http://forum.xda-developers.com/showthread.php?t=1447095
Click to expand...
Click to collapse
Introduction
I have not seen much talk about security in XDA.
First, here's just one informative link talking about using and developing apps and security risks involved.
http://www.technologyreview.com/comp...1/?mod=related
Any bug in software could potentially be used as a security loophole to gain access to private information, spy on you, get your credit card info(should you do such things on phone).
What is kind of unsettling is that everyone seems fine with modding, tweaking, developing and using those ROMs made in XDA without worrying if there could be that kind of bug in your made or used ROM.
You don't need a malicious app only to have risks. Most people use Windows so they should know that it is OP systems bugs and vulnerabilities that allow for unwanted access to your files, data, etc.
Android itself is having very non-foolproof security system. All apps on unrooted phone are in sandbox. That's no security measure at all. It doesn't limit app from stealing your private info at all, it only cant delete the whole ROM. That's just idiotic security system, for it is the only thing beside encrypting shut off phone on 3.0 and 4.0. So that means Android on it's own has no security measures while it's working. Even Windows has... some... but not too much... so you could pay for antivirus and antispyware software ofc.
It has always been the goal of big corporations to make money from insecurity, be they software developers, arms dealers and you name it. They all benefit from insecurities existing. Same is with Google and it's Android. But the good news is that we the users can modify Android. We could all say "Au revoir security bugs and loopholes!" if we would care about developing ROMs designed to make Android more secure... alas that's not happening yet!
Overview of Linux/Android security issues.
It's a short condensed description just to get you interested in the topic. There's lots of material on net, you only need to search, read, watch videos.
Linux becomes more vulnerable with more applications with different permissions installed. Same is true for Android.
Say your Phone Exporer has root access, that means it has root access to whole Android. To remove unnecessary risks, this app's root access should be limited to only most necessary functions it needs to operate.
Currently for Android there is no such solution. For Linux there is Apparmor.
http://en.wikipedia.org/wiki/AppArmor
Total root access is obvious vulnerability, but it is at least known one. Let's look at possibility of apps having hidden permissions and what that could mean to you.
Blade Buddy from Market.
On market it does not list permission to "Unique Device ID"(IMEI for GSM and MEID; ESN for CDMA) for free nor for paid version.
That means the author of BB has left the code from free version in paid one. This permission is used by ads to track you. It's not necessary code for ads, but it helps the dev know who clicked on the add and generated him some money. To see your money generating zombie empire stretch across the whole globe.... quite a thrill, isn't it?
So it's a latent code, with no benefit to user and an exploit only calling to be abused.
Unique Device ID allows you to be tracked on net and also where you are physically. GPS is just one way to find you, police for example have scanners to locate your devices physical location by the IMEI code. You can count on the "bad guys" having this technology as well, for it's quite a tool for burglars and other criminals.
The risks of your home being marked as the next dungeon to be looted by some raiders, I mean criminals(or perhaps WoW players sleepwalking and sleepraiding?) or getting your ID and bank details stolen by trojan/hacker is random. Yet the threat would not exist without apps having so flagrant hidden permissions.
Next app with ludicrous permissions
Brightest Flashlight
It does list many permissions, among them "Hardware controls - take pictures and videos ". No, it does not need a permission to take photos through cameras to operate the flashlight. But it's fun nonetheless for the dev to see his trusty peasants, or maybe he just likes to observe people like some watch fish in aquarium or hamsters in cage( "Look at that dork!", "You're one ugly m...f...er","ummm a couple kissing in dark with ma flashlight, what are they searching?", "what's that you eat, mr Korean, brains?" "hey show me that document again.")
You don't even need to run the app yourself. It can be triggered by hacker on background and take a snapshot of you.
On top of this little needless permission it has following hidden permissions:
1. Unique IMSI, read about here http://en.wikipedia.org/wiki/IMSI
2. MCC+MNC (CDMA)
3. Unique Devide ID
4. Cell Tower Name.
That's a lot of needless permissions for flashlight, these are there just to track you the app user and have nothing to do with your comfortable use of the app.
These are just 2 apps with totally needless permissions for their intended functioning. If you don't want your Windows and Linux have such security holes then why do you want your Android have them?! You don't want, that's the point and these apps would not be so popular if people would really know and care about their phone being secure.
It can be stated for sure that above exemplified permissions not listed on market are more useful for pranksters, criminals or someone plainly looking-down-on-all-the-dumb-sheep and not at all for any legitimate, user or customer friendly purposes.
There are very few tools to check for security and privacy problems in apps. That gives a sense that majority of devs do not want Android to be secure and private, because Android is another revenue generating platform through Google ads business of course. Were people more educated about the matter then Google ads business would shrink down as well. A private and secure Android can't be tracked or annoyed with ads. No ads, no profit. No security therefore means profit. Unfortunately this lack of security can be exploited by anyone with criminal or malignant intentions so very easily.
In my honest opinion. If someone keeps files like ccinfo they have to worry about being jacked then they deserve it. Should it happen. U shouldn't keep things on your phoney don't want the rest if the world to have
Sent from my Cyanocrack using Xparent Blue Tapatalk
You don't need to keep credit card info on phone, your using the credit card via Market or logging in to bank on phones browser is enough to intercept your credit card info. Your browser may show you xxxxxxxxxxxx+"last four digits only" but that doesn't mean the data to and from your device doesn't contain exact credit card number. It's encrypted, but that is merely a minor inconvenience for a hacker.
That is why being rooted is not advised to everyone. Mainly if they don't know what they are doing. Also customs roms are not for everyone. People flash them cause they think its cool and don't understand what they are doing. That is their problem. People should pay attention to the permissions that am app asks for. Common sense is the best protection. Main reason I don't do anything that deals with a bank on my phone.
Raoa said:
I have not seen much talk about security in XDA.
Click to expand...
Click to collapse
There's talk. It's just not on important yet, because the android device is not being marketed like an OS is with a personal computer.
However, the more we do on our phones, the more we'll realize it needs protection like firewalls. We catch a few like CIQ or the Wimax exploit, but it's going to get worse as we advance in our integration. We do need to start now before exploits get worse and stay ahead of the curve.
Until that time, 4G exploits and root kit programs will run freely on our devices that houses a lot of our personal information.
Plus, for some stupid reason, there are a lot of people who think Linux is immuned to viruses and security holes due to it's code transparency. Android is being mainstreamed. It will soon be a continuous target like other existing popular software programs and operating systems.
And that's why iOS is far superior even without widgets or live wallpapers.
Something to think about.thanks for posting.
Sent from my HTC Glacier using XDA App
alex2792 said:
And that's why iOS is far superior even without widgets or live wallpapers.
Click to expand...
Click to collapse
IOS and Mac are just as vulnerable, maybe even more so because of there popularity and the misconception that IOS is secure and does not need AntiVirus protection. Just last week i removed a nasty virus on a brand new Macbook Pro so that is not the way to think. You need to act as if there are security issues and just be really careful at what link you click and what email you open.
mattfox27 said:
IOS and Mac are just as vulnerable, maybe even more so because of there popularity and the misconception that IOS is secure and does not need AntiVirus protection. Just last week i removed a nasty virus on a brand new Macbook Pro so that is not the way to think. You need to act as if there are security issues and just be really careful at what link you click and what email you open.
Click to expand...
Click to collapse
I'll give you OS X,but I've never heard of an iPhone virus while there are loads of malware on Android market.
Sent from my Galaxy Nexus using Tapatalk
I am not an expert on iOS nor do I have any wish to even know or use it, because Apple buys from suppliers that emply child labor and sweatshops.
When Linux started spreading around people also thought it has no viruses.
Same story repeats with every software.
For each different OS it takes merely time before people start to notice that their OS has viruses/trojans/spyware too. That doesn't mean their OS is not targeted. You should expect all sorts of thieves to use any and all opportunities.
Secondly OS does not matter so much as the matter that your device is connected to wifi, data, bluetooth, et or not. IP addresses, MAC, IMEI, etc they all stay the same on every platform. No matter which OS, they all connect to wireless networks, cell network, data, bluetooth, etc which all have set standards.
So someone wanting to track, spy, get your private info simply has to intercept the data your device sends to any network. If you don't use strong encryption to send info via network then it is easy to "wiretap" you.
Why is there so much spam, viruses, spyware in internet today? It's because the software managing internet is not made to be so secure. If it were secure then it would also be more private and safer for people to chat over net.
So not only OS's need to be more secure, but the very internet itself needs to be reformed.
This relates to SOPA and PIPA. Had those two bills been passed the next step would have been logically to make changes to all networks so you'd be more easily trackable, hackable, "wiretappable". It's simply logical, cause SOPA, PIPA were so defunctly worded as if asking/preparing for a third bill to regulate the networks.
So we must make sure that internet will be reformed for the private users and not for greedy corporations. We would not need to buy anti-spyware, anti-virus software if the internet were truly engineered for the welfare of humanity.
You could use any OS, bugged or not and not be afraid of loosing your property or privacy if the internet would stop such acts before they could harm you, the individual who is supposed to truly and freely benefit from the services; either for free or for honest price, but now you are robbed and think it is good to pay the thieves.
Raoa said:
Android itself is having very non-foolproof security system. All apps on unrooted phone are in sandbox. That's no security measure at all. It doesn't limit app from stealing your private info at all, it only cant delete the whole ROM.
Click to expand...
Click to collapse
Please elaborate. The sandbox does prevent one app from reading the data of another, such as the CC info from the Market.
Also, are you sure Market sends the entire CC number? There's no reason for it to send it, the transaction is performed on Google's servers.
alex2792 said:
I'll give you OS X,but I've never heard of an iPhone virus while there are loads of malware on Android market.
Click to expand...
Click to collapse
Are you talking about viruses or malware? Please don't conflate the two.
Malware is easy to take care of - check the apps you're downloading for what permissions they want. It's as simple as that.
alex2792 said:
I'll give you OS X,but I've never heard of an iPhone virus while there are loads of malware on Android market.
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
Just before xmas an iphone developer admitted to deliberately uploading malware in his ios app to show malware can easily affect iphone.
http://m.intomobile.com/2011/11/08/security-expert-sneaks-malware-into-iphone-app-store/
That was for normal iphones. For jailbroken ones there are more malware apps.
Dave
Sent from my LG P920 using Tapatalk
Raoa, your absolutely right.
I've had the exact same thought recently
Its like the overall view of the Android landscape is ridden from real security apps, for the simple purpose of have the platform as open as possible. And while this is good for developers and users of this and other serious forums, its also open for the "dark" communities as well.
I often ask myself, if the ROM devs onboard have these thoughts themselves, as in, what is my source of this modded apk, is is straight from the Market or from another dubious, (do I dare say chinese forum, just an example)
And how clean is my code really?
And is all mods just legit just cuz they are from here?
I love that we have so many ppl having a desire to mess around with the OS, but I miss, as you say, the talk about having a go on security as well.
I dont know, but I do think that awareness, as you initial post direct us to, should be raised, as a natural step for any serious dev and users in general on XDA, to be more aware, of the code.
Im on my first year as an Android user, and ofcourse did have to gain root on my splendid Sensation. Why?, cuz I needed the security tools requiring root.
Ask again, why? Cuz I came from Winblows 7, and know what a jungle software is, and that is is indeed exploitable, like hell, you might say.
And Im gladd I did gain s-off and root, cuz its really really needed fo youre just a little concerned about your privacy in, mails, sms, location, usage pattern, netbanking, dropobox deposits of your ****, some might even be work related and therefore hold more than just your own privacy.
And then there is what you mentioned, our devices unique ID's, the intent "app install referrer" to "plug" you into admob/google analyzer and so on.
I love one guy here, Treve, who made the HTC tool for scanning for ****, Logging Test Tool, and in version 10, he made it aware of admob/mobclix/analytics, and my god it find a lot...
So Treve, please, if you read this, just go on, as every version you make is getting finer and finer.
We could learn from this guy, and others here that got more code-insight.
What we CAN do as a community at the very least, is to share our knowledge and tips for securing our phones.
HOST filtering, code scanning of apks and so on. using AV's and firewalls and so on.
Right from the start I noticed that Android is not a clean OS, nor is its app market, and I noticed this cuz I have another splendid little Linux system at hand, Smoothwall Express with url filtering and proxy enabled
and My god is Android and its aps LEAKING!
Have a look in your urlfilters on a standalone firewall the step after your wireless android phone, and watch how much **** is going on.
Well, I can tell you for a start that I have added atleast 100 new domains to my custom urlfilter, besides the casual downloadable HOST filters around the net, like the ones found in AdblockPlus and so on. But after android, heh, you need more than just advertising filtering, that much I can say.
Just as an example, like those you mentioned, I have one too, that I was made aware of by Avast on my phone tonight, that ChompSMS was being flagged as malware/trojan.
I thought, **** man, why this crap, Im quite fund of Chomp, really.
So I thought, no, imma let more that Avast on my phone have a go.
So I File Expert dump the full apk, and uploaded it for a scan on virustotal, just for the sake of it. And whatta'ya know, ClamAV, GData, Kaspersky, NOD32, and Sophos flagged it as that same Plankton.G variant as my on-phone Avast.
Great, I thought (sarkasm intended)
I thought a bit further and picked up APK Multi-Tool, had a decompile and a content-scan for just "http" in is readable code.
12 different domains is mentioned so far, and I didnt even poke in all of its xml's, just the smali's
I know android is by a far stretch advertising born, and ofcuz the app devs have a right to earn their money, no doubt about that, and I gladly pay for the good ****, like most ppl here believeably do, but.. 12 different .com's mentioned in its code is a no go for me.
I have earlier used Privacy Blocker, and Privacy Inspector from XEUDOXUS in the market, to make permission scanning, beside using LBE/HOST/Avast, and I like those two aps, the Inspector one is free but only can scan.
The paid Blocker can "repair" as a feature, but its not maintained enuff, so it often fails to make installable apks, so not really worth it for me anymore, but as a free too, it can tell you more about those permissions you mentioned.
But enuff said from me for now, lets just collect and share our tips and tricks, ALSO for security, not just developing ROM and mod's and hacks, as thou they are fine, if not to say, so cool and great, but, we need to be secure too.
Please do not polute the discussion with IOS vs Android and what not, cuz thats not the purpose of it, even thou it definitly concerns (g)A(r)pple products too.
Sincerely, Omnius
alex2792 said:
I'll give you OS X,but I've never heard of an iPhone virus while there are loads of malware on Android market.
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
Iphones can get viruses they come through SMS's and other sources not as bad as android apple keeps there market much more under control, but everything is vulnerable i work in a security team for a big corp and believe me nothing is safe.
Check these articles out i just found them on google.
I remember a while ago maybe a year or so there was a huge security hole in IOS5 and Mac waited a long time to tell the public and release a patch. The one major problem with Apple is when there are security threats they really try to keep it hush...Iphone's OS is tight but not totally secure. Its not viruses either its moslty just malware that charges you tons of money in texting i saw once an iphone that turned into a bot and at midnight it would dial a 900 number and just sit there all night at like $20 bucks a minunte then disconnect when it felt the phone move.
http://www.mactrast.com/2010/07/iphone-virus-discovered-be-vigilant-and-seek-advice/
http://techfragments.com/news/982/Software/Apple_iPhone_Virus_Spreads_By_SMS_Messages.html
I'm going to fanboy MIUI for a second.
When you install an app you are presented with a screen (separate from the market) that allows you to toggle all the permissions an app ask for between Allowed/Ask/Disabled.
More roms should adopt this.
NB: I haven't checked CM9 so it might be a CM9 feature that MIUI has polished or it might be native to MIUI.
weedy2887 said:
I'm going to fanboy MIUI for a second.
When you install an app you are presented with a screen (separate from the market) that allows you to toggle all the permissions an app ask for between Allowed/Ask/Disabled.
More roms should adopt this.
NB: I haven't checked CM9 so it might be a CM9 feature that MIUI has polished or it might be native to MIUI.
Click to expand...
Click to collapse
I wouldn't be so fast to praise MIUI.
weedy2887 said:
I'm going to fanboy MIUI for a second.
When you install an app you are presented with a screen (separate from the market) that allows you to toggle all the permissions an app ask for between Allowed/Ask/Disabled.
More roms should adopt this.
NB: I haven't checked CM9 so it might be a CM9 feature that MIUI has polished or it might be native to MIUI.
Click to expand...
Click to collapse
The problem is the "Average Joe" doesn't even look at those or doesn't know what they mean. I see so many viruses/malware/open security holes just because of user error its insane. Almost 90% of security breaches or problems originate from the end users not paying attention or just not knowing or caring. Also another thing i see so much when new clients call me with there servers melting down and all there banking info being stolen is they haven't installed any updates on there servers since they were set up 2-5 years ago. I worked for a large industrial supply company and all there servers running MS Server 2008 no updates had been installed and they were using AVG free on there main SQL server...INSANE LOL
Then theirs the users, "my computer was fine until my friend on facebook wanted my SS# and mothers maiden name and insisted i open his email attachment, now its acting weird what do you think is wrong?"
Brutal
what is the 4g exploit that you are talking about? And is it only with wimax or is lte part of it as well?
Oneiricl said:
Malware is easy to take care of - check the apps you're downloading for what permissions they want. It's as simple as that.
Click to expand...
Click to collapse
It's absolutely amazing that people are willing to put up with something so ridiculous.
Sent from my SGH-I897
I have just been reading a little about Cyan roms and a discussion about the new release of Android 4.3
It was interesting to read about a thing called TRIM that sounds like an OS level defrag type of thing that has been in linux for a long time but was never added to Android OS until now in the release of 4.3. Trim will be automated once over a 24 hour period providing the device has slept for an hour and has 80% charge or 30% while charging. Then it will organise ssd space and make the device run quicker thus preventing over time slow downs which to me sounds great, to others there is an "about time" thing happening and to a few people, pure shock that it isn't there already.
There are some concerns about the need for root access saying that only certain things need root these days and it seems people are glad not to need it anymore. The slight glow of wonder was around the risks of security so I have to ask and while I am a total novice around words like root and a linux based os in any event I have to ask
What are the risks with rooting and security ?
I read about some apps need root to work which I already knew... things like file managers and wifi apps etc.
[A] 4.3 - Trim added, root might leave and security?
First off, what's rooting?
Rooting is a process that allows you to attain root access to the Android operating system code (the equivalent term for Apple devices id jail-breaking). It gives you privileges to modify the software code on the device or install other software that the manufacturer wouldn't normally allow you to. And for good mobile security reasons: they don’t want users to make modifications to the phones that could result in accidents beyond repair; it is easier for them to offer support if they allow users to only use the same unmodified version of the software. But tech savvy users have already developed rooting methods, which vary depending on device. They are available on the web, and more and more Android users are resorting to them because of the powerful perks they provide, such as:
Full customization for just about every theme/graphic
Download of any app, regardless of the app store they’re posted on
Extended battery life and added performance
Updates to the latest version of Android if your device is outdated and no longer updated by the manufacturer
But if you do it improperly, it can create havoc. And even done properly, if your phone doesn’t have proper antivirus protection for Android, rooting leaves your device open to all sorts of malware.
Click to expand...
Click to collapse
Now, say all these advantages have convinced you to root your Android device. But you can do it at your own expense, risking your own mobile security. Here's why:
You can turn your smartphone into a brick.
Well, not literally, but if you goof up the rooting process, meaning the code modifications, your phone software can get so damaged that your phone will basically be as useless as a brick.
Your phone warranty turns void.
It’s legal to root your phone; however, if you do it, your device gets straight out of warranty. Say you root your phone and some time after that, you experience a phone malfunction – hardware or software related. Because of the Android rooting, the warranty is no longer valid, and the manufacturer will not cover the damages.
Malware can easily breach your mobile security.
Gaining root access also entails circumventing the security restrictions put in place by the Android operating system. Which means worms, viruses, spyware and Trojans can infect the rooted Android software if it’s not protected by effective mobile antivirus for Android. There are several ways these types of malware get on your phone: drive-by downloads, malicious links, infected apps you download from not so reputable app stores. They take over your phone and make it act behind your back: forward your contact list to cybercrooks, sniff your e-mails, send text messages to premium numbers, racking up your phone, and collect personal data such as passwords, usernames, credit card details that you use while socializing, banking and shopping from your smartphone.
Mobile security advice
If you still want to root your device, make sure you research the process very well, as it differs depending on the smartphone type and brand. It’s better you ask for expert advice on dedicated forums, or better yet, ask a tech savvy person to root it for you. All these in order to ensure you don’t turn your device into a brick.
Install proper antivirus protection for your Android phone, even before rooting the device, to fend off malware infections.
Here's some good news: say you do resort to rooting your device. If for some reason you change your mind about it, you can always un-root it. In this case too, it’s better you ask for expert help.
codQuore said:
I have just been reading a little about Cyan roms and a discussion about the new release of Android 4.3
It was interesting to read about a thing called TRIM that sounds like an OS level defrag type of thing that has been in linux for a long time but was never added to Android OS until now in the release of 4.3. Trim will be automated once over a 24 hour period providing the device has slept for an hour and has 80% charge or 30% while charging. Then it will organise ssd space and make the device run quicker thus preventing over time slow downs which to me sounds great, to others there is an "about time" thing happening and to a few people, pure shock that it isn't there already.
There are some concerns about the need for root access saying that only certain things need root these days and it seems people are glad not to need it anymore. The slight glow of wonder was around the risks of security so I have to ask and while I am a total novice around words like root and a linux based os in any event I have to ask
What are the risks with rooting and security ?
I read about some apps need root to work which I already knew... things like file managers and wifi apps etc.
Click to expand...
Click to collapse
I don't think there is much to worry about root!
its just some restriction by companies to earn more money by bloatware.
however use supersu and to control security ,allow only trusted app root accsess.
CVE-2014-3153 was published 5 June 2014.
Affected Kernels: <= 3.14.5 (see specifics)
Affected Devices: Multiple!
As of last night, security researcher @geohot proved that the Samsung Galaxy S5 from AT&T
was vulnerable, by gaining root. He also believes the Verizon version is affected.
The details of this can be found here:
http://seclists.org/oss-sec/2014/q2/467
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3153
http://www.reddit.com/r/netsec/comments/27fl04/another_linux_kernel_exploit_this_time_reachable/
The description of the vulnerability is best described by the comments from the experts themselves:
From seclists.org:
Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.
Click to expand...
Click to collapse
Specifically, the futex syscall can leave a queued kernel waiter hanging on the stack. By manipulating the stack with further syscalls, the waiter structure can be altered. When later woken up, the altered waiter can result in arbitrary code execution in ring 0. This flaw is especially urgent to fix because futex tends to be available within most Linux sandboxes (because it is used as a glibc pthread primitive).
Click to expand...
Click to collapse
This is a serious flaw from all levels, as one commenter state:
Indeed. This is probably the biggest security flaw in Linux in the past 5 years (if not the biggest ever) since it allows a full kernel compromise even from extremely tight sandboxes...
Click to expand...
Click to collapse
Or as user gsuberland writes and explains in this Reddit thread:
Ok, so I read the code, and I think I know what's happening. A futex is a "fast usermode mutex", which is kind of locking mechanism for memory pages that prevents bad things like two threads writing to a page at the same time.
There's a function in the implementation called futex_requeue(), which "requeues waiters from uaddr1 to uaddr2". I'm not really sure what that means, but basically uaddr1 is the address of a source futex in user-mode memory, and uaddr2 is the address of a destination futex in user-mode memory. But, because it was assumed that they'd always be distinct, the code provisions a bunch of stuff expecting to have two objects to deal with, and in the end some of them are just left there doing nothing - they point to uninitialised structures or memory.
Basically, the trick is that if you get a futex and call futex_requeue() with your futex as both uaddr1 and uaddr2, the structure that describes the futex (in user-mode memory, which you can access) is left with "dangling pointers", i.e. pointers to memory that hasn't been allocated yet. By then looking at those pointers and allocating memory to the locations it describes, you can write your own stuff there. Once execution passes down to kernel-mode, you've essentially got a situation where kernel-mode code is using data that you control, but in a context where it expects the data to be trusted. This could lead to all sorts of nasty stuff like read-what-where or write-what-where conditions, which can be used to privesc.
I probably got some of this wrong so don't quote me, but hopefully I at least described the core of the issue correctly.
EDIT: Also, I don't know why this is linked to as an "exploit". The Chrome bit makes sense once you read OP's comment about the sandbox escape - basically Chrome didn't restrict certain futex-related calls which could be used to trigger this bug. I still don't know how exploitable it is, though, or which vector would be used to exploit it. As far as I can tell it's just a "this is probably bad" situation until someone finds kernel-mode futex code that can be messed with by crafting data to coincide with the dangling pointers. Feel free to correct me if I'm wrong, though.
Click to expand...
Click to collapse
Since geohot said he wouldn't be releasing the exploit publicly, can we talk a bit of methodology/implementation. I for one would really like to get this moving forward for those having att & vzw. Basically, what do we need to do to trigger the futex_requeue error utilising chrome?
ks3rv3rg said:
Since geohot said he wouldn't be releasing the exploit publicly, can we talk a bit of methodology/implementation. I for one would really like to get this moving forward for those having att & vzw. Basically, what do we need to do to trigger the futex_requeue error utilising chrome?
Click to expand...
Click to collapse
Did I read right that it said you need a ChromeOS to be able to trigger it?
ks3rv3rg said:
Since geohot said he wouldn't be releasing the exploit publicly, can we talk a bit of methodology/implementation. I for one would really like to get this moving forward for those having att & vzw. Basically, what do we need to do to trigger the futex_requeue error utilising chrome?
Click to expand...
Click to collapse
kprice8 said:
Did I read right that it said you need a ChromeOS to be able to trigger it?
Click to expand...
Click to collapse
You do not need to execute this through Chrome. It is a generic flaw in the Linux kernel, that happens to be shared on many, many Android devices. I have been studying this for the Razr M (vulnerable), and have been coming up with theories how to implement this...
Basically, the futex_requeue error allows a segment of code to be written to memory, and then executed as root. This means that you can modify system files through this error, meaning that you can write scripting that will gain root, save it to the memory, and execute it.
I am trying to implement this on my Razr M, and have even more incentive seeing that it was used of the Galaxy successfully. I don't have a lot of experience in this area, but am researching a lot and have a couple of theories to try out.
I should note that this is just my understanding on the exploit, and I am only in the very early stages researching it... I could be completely wrong.
For those wanting to root a device using this vuln:
I don't believe this is a good vulnerability to target Android devices with, the difficulty is beyond most of us (myself included), and the success rate is going to be rather low on all/many/most devices. A more successful approach would be to spend the research time seeking another vulnerability.
ks3rv3rg said:
Since geohot said he wouldn't be releasing the exploit publicly, can we talk a bit of methodology/implementation. I for one would really like to get this moving forward for those having att & vzw. Basically, what do we need to do to trigger the futex_requeue error utilising chrome?
Click to expand...
Click to collapse
Chrome is not needed, Pinkie Pie used this vulnerability in conjunction with Chrome vulnerabilities when collecting a Chrome bounty (I could be wrong, I'm assuming without researching).
kprice8 said:
Did I read right that it said you need a ChromeOS to be able to trigger it?
Click to expand...
Click to collapse
No, see above
xKroniK13x said:
You do not need to execute this through Chrome. It is a generic flaw in the Linux kernel, that happens to be shared on many, many Android devices. I have been studying this for the Razr M (vulnerable), and have been coming up with theories how to implement this...
Basically, the futex_requeue error allows a segment of code to be written to memory, and then executed as root. This means that you can modify system files through this error, meaning that you can write scripting that will gain root, save it to the memory, and execute it.
I am trying to implement this on my Razr M, and have even more incentive seeing that it was used of the Galaxy successfully. I don't have a lot of experience in this area, but am researching a lot and have a couple of theories to try out.
I should note that this is just my understanding on the exploit, and I am only in the very early stages researching it... I could be completely wrong.
Click to expand...
Click to collapse
Can you test my Pie exploit on that device?
jcase said:
For those wanting to root a device using this vuln:
I don't believe this is a good vulnerability to target Android devices with, the difficulty is beyond most of us (myself included), and the success rate is going to be rather low on all/many/most devices. A more successful approach would be to spend the research time seeking another vulnerability.
Chrome is not needed, Pinkie Pie used this vulnerability in conjunction with Chrome vulnerabilities when collecting a Chrome bounty (I could be wrong, I'm assuming without researching).
No, see above
Can you test my Pie exploit on that device?
Click to expand...
Click to collapse
Yes, I am willing to test it, however, I believe it is confirmed not working for the 2012 Droid series (HD, MAXX, M).
Sent from my XT907 using Tapatalk
xKroniK13x said:
Yes, I am willing to test it, however, I believe it is confirmed not working for the 2012 Droid series (HD, MAXX, M).
Sent from my XT907 using Tapatalk
Click to expand...
Click to collapse
Let me know, it was working a few months ago but may have been patched
Sent from my MotoX+1 using XDA Premium 4 mobile app
jcase said:
Let me know, it was working a few months ago but may have been patched
Sent from my MotoX+1 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
I believe it was patched with the KK update, but I'll let you know later today. If you have anything else to test just let me know!
Sent from my XT907 using Tapatalk
---------- Post added at 11:30 AM ---------- Previous post was at 11:13 AM ----------
jcase said:
Let me know, it was working a few months ago but may have been patched
Sent from my MotoX+1 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
It indeed failed,
Code:
rm failed for /data/local/atvc/blop.asec, No such file or directory
rm failed for /data/local/atvc/blop, No such file or directory
If there's any other ideas, let me know, I'd be glad to help. We can also move to PM's if you would prefer. :good:
xKroniK13x said:
I believe it was patched with the KK update, but I'll let you know later today. If you have anything else to test just let me know!
Sent from my XT907 using Tapatalk
---------- Post added at 11:30 AM ---------- Previous post was at 11:13 AM ----------
It indeed failed,
Code:
rm failed for /data/local/atvc/blop.asec, No such file or directory
rm failed for /data/local/atvc/blop, No such file or directory
If there's any other ideas, let me know, I'd be glad to help. We can also move to PM's if you would prefer. :good:
Click to expand...
Click to collapse
Those errors are meaning less, just pre-emptive clean up. If it didn't work, it is probably patched
jcase said:
For those wanting to root a device using this vuln:
I don't believe this is a good vulnerability to target Android devices with, the difficulty is beyond most of us (myself included), and the success rate is going to be rather low on all/many/most devices. A more successful approach would be to spend the research time seeking another vulnerability.
Click to expand...
Click to collapse
How do you know how difficult it is, if you haven't done it?
Most of the time difficulties are overcome by new ideas and fresh angles.
And all of the time I am wondering who you "actually" work for?
And now I wonder how the #$^# (mod edit) you can be more "successful" looking
for unknown vulnerabilities, when you have a great one already sitting
on your desk?
Basically you're saying; if you venture out to planet X and look for new fish in
the oceans there, you're less likely to go hungry, than if you figure out how
to cook and eat the one in your home aquarium. I just don't understand why
you would say such a thing.
E:V:A said:
How do you know how difficult it is, if you haven't done it?
Most of the time difficulties are overcome by new ideas and fresh angles.
And all of the time I am wondering who you "actually" work for?
And now I wonder how the #$^# (mod edit) you can be more "successful" looking
for unknown vulnerabilities, when you have a great one already sitting
on your desk?
Basically you're saying; if you venture out to planet X and look for new fish in
the oceans there, you're less likely to go hungry, than if you figure out how
to cook and eat the one in your home aquarium. I just don't understand why
you would say such a thing.
Click to expand...
Click to collapse
For one, if you want your threads to stay open, don't curse at mods giving you accurate advice.
I know it is difficult because I spend all day researching android security and actually looked at it?
Who I work for is well public, it was even published on XDA's portal. As they say, the search feature is your friend. Who do you work for? Since mine is public, and you questioned mine, I think you should make your's public.
How you can be more successful? Because for most people capable of developing at futex exploit, it would take less time locate an easier vulnerability. Even GeoHot took 4 days to develop his futex exploit, and it has something like a 10% success rate. I do believe his skill level in this field is beyond most of the people posting in this sub forum.
If you go to planet X, and you see a fish that is obviously extremely hard to catch by looking at it, and it is also slippery so once you catch it it might escape, or you see a bunch of trees that probably have plenty of bananas if you go an Look. Where do you go for your food supply? Do you spend a months trying to eat the fish, or a few hours picking bananas? Of course you go and find the bananas.
jcase said:
For one, if you want your threads to stay open, don't curse at mods giving you accurate advice.
Click to expand...
Click to collapse
You know that I know better, than cursing at the mods I most often find helpful.
That is just a quirk of English, that "you" can be very personal or it can be
the completely opposite. I was simply Cursing out Loud. (CUL?)
Anyway, I have the right to question such statements regardless of their origin. And at that, it was not clear at all that you actually had been looking closer at it. BTW. I don't really care who you work for. Just a flash in my mind, that I should have kept to myself.
Thanks anyway.
Can people please quit arguing and just find a mostly successful exploit? No good is coming from any of this. Every thread I read is 90% bickering and 10% people volunteering to test when a method is ready. If I knew anything about how this stuff works I would be too busy digging to post complaints. Just saying.
weasel87 said:
Can people please quit arguing and just find a mostly successful exploit? No good is coming from any of this. Every thread I read is 90% bickering and 10% people volunteering to test when a method is ready. If I knew anything about how this stuff works I would be too busy digging to post complaints. Just saying.
Click to expand...
Click to collapse
Everything is cool now. There's a lot of stuff bubbling under that will surely surface soon. Some which already have. Just search XDA for "S5 root".
"..There's a function in the implementation called futex_requeue(), which "requeues waiters from uaddr1 to uaddr2". I'm not really sure what that means, but basically uaddr1 is the address of a source futex in user-mode memory, and uaddr2 is the address of a destination futex in user-mode memory. But, because it was assumed that they'd always be distinct, the code provisions a bunch of stuff expecting to have two objects to deal with, and in the end some of them are just left there doing nothing - they point to uninitialised structures or memory.
Basically, the trick is that if you get a futex and call futex_requeue() with your futex as both uaddr1 and uaddr2, the structure that describes the futex (in user-mode memory, which you can access) is left with "dangling pointers", i.e. pointers to memory that hasn't been allocated yet. By then looking at those pointers and allocating memory to the locations it describes, you can write your own stuff there. Once execution passes down to kernel-mode, you've essentially got a situation where kernel-mode code is using data that you control, but in a context where it expects the data to be trusted..."
aah, terminal - "man futex" .. the man pages -
http://man7.org/linux/man-pages/man2/futex.2.html
how it ties in with the mobile phones, it has to do with the network sockets within the android (linux) kernel..
even the nexus 5 is reported to be issued an security update in relaton to this - https://community.sprint.com/baw/thread/163896 & that's only labeled a *security patch*...
these socket views came up some years ago, in the gnome d.e. & was asked about, & they're all related to network timing sockets -
What is the “Waiting Channel” of a process?
~good link~
you could actually see them, then analyze them later with the netstat command, & see the process in action via **cat /proc/some_pid/stack** in a shell..
in the upper userspace, you can *feel* it on action on your phone;
especially on a nexus 5 on sprint -
it's single path at a time triband rf chip when it lulls to/from lte to 3g at times, some ppl complain they see a *telephone calls unavailable now* or something to that nature,
or wifi that won't catch when turned on
or an lte signal that simply won't latch, keeping them stuck on 3g..
underneath in that chipset, it's like a human mind processing a blank for a few trying to decide before acting,
** it's that dead moment**
right then, that this issue speaks of, like below from that gnome link in '10..
1.A task can be either a Process3 or a Thread2
2.A Thread is a sub-section of a Process. Many threads can run parallel
3.A process is a full-blown program, it consists of one or more threads, though a program can consist of multiple processes as well.
4.Remember, this is still a very high level view of things, it's not considering the implementation details
•
__skb_recv_datagram
Wait for some data on a locked network socket.
•
sk_wait_data
Wait for some data on a network socket.
•
do_exit
This is the last part of quitting a process. do_exit() calls the schedule() next, to schedule another process. When do_exit() is called, the process is a ZOMBIE.
•
do_wait
A process is added to the schedulers wait queue.
•
pipe_wait, unix_stream_data_wait
A Process is waiting for data from a subprocess. This happens, for example, when you run this sort of code:
ooh, the *top* command can expose the upper levels of those processes also!
you know when i can *see* it?
when i'm listening to music while riding the subway underground with my nexus 5;
as my signal changes between stops losing service, re-gaining it.. it effects the volume of the music, this morning, the train had to pause between stops in a tunnel, & my music player sounded kind of muffled but the music was, edible for my ears, that pause in the tunel, made the nexus 5 lose total signal, & BAM, that loss, of processing in the networking , gave me gain in volume with the music player!
it's related to one chip doing all the work...
xKroniK13x said:
You do not need to execute this through Chrome. It is a generic flaw in the Linux kernel, that happens to be shared on many, many Android devices. I have been studying this for the Razr M (vulnerable), and have been coming up with theories how to implement this...
Basically, the futex_requeue error allows a segment of code to be written to memory, and then executed as root. This means that you can modify system files through this error, meaning that you can write scripting that will gain root, save it to the memory, and execute it.
I am trying to implement this on my Razr M, and have even more incentive seeing that it was used of the Galaxy successfully. I don't have a lot of experience in this area, but am researching a lot and have a couple of theories to try out.
I should note that this is just my understanding on the exploit, and I am only in the very early stages researching it... I could be completely wrong.
Click to expand...
Click to collapse
you know, since yesterday, i've been thinking, & pondering about this exploit, it's not the same as on desktops, many processing calls DO makes Lo (or loopback / 127.0.0.1 for window users) calls that don't hit the outside..
but with phones, these are different beasts, (they are networking animals) their design is currently for TOTAL world facing calls to the outside, mostly, & with android phones which this exploit adresses, & with the newer qualcomm chips being single pathed, that plays a significant part in this..
the post i made on how to overcome the ecsbf issue - http://forum.xda-developers.com/google-nexus-5/help/nexus-5-e-csfb-issue-t2729014 which i DEARLY wanted participation, but i think it went clean over everyone's heads, even the mod that closed it, it was relating to the how these chipsets interact with the network at hand (sprint's)
the biggest issue with the chipset was that it was an asymmetric multiprocessor, i mentioned it before - http://forum.xda-developers.com/showpost.php?p=52708292&postcount=15
in the last link i posted (What is the “Waiting Channel” of a process?), that guy stated -
"..If you really want more detailed information you could check the kernel source.
If you type cat /proc/some_pid/stack in a terminal you'll get some output like that one :
[<c0227f4e>] poll_schedule_timeout+0x3e/0x60
[<c022879f>] do_select+0x55f/0x670
[<c0228f40>] core_sys_select+0x140/0x240
[<c0229241>] sys_select+0x31/0xc0
[<c05c9cc4>] syscall_call+0x7/0xb
[<ffffffff>] 0xffffffff
And on the first line you get what's displayed on the system monitor. As far as I know, poll_schedule_timeout indicates that your process is waiting for something.
It deals with asynchronous I/O and polling..."
reference - Asynchronous I/O
...............
android is linux at it's heart, & what does linux have as a stateful firewall, yes, **iptables** built into the kernel!
we have to find out what effects this exploit has on the stateful tables in the kernel to create the gateway for the exploit(s) ..
has to be the tables, with the single chipset qualcomm has unleashed, 3g (gsm / cdma) switching to & from lte, & wifi, presents a new ip address everytime, it's NEVER the same IP addy while in wifi, 3g or 4g.. & how many times within **an hour** does a phone switches just between 3g & 4g?
we have to find out how futex_requeue() effects iptables..
i have to give credit to another poster today, which made me post what i suspected, he found this gem -
"..I think i've found an acceptable explanation from another site for z4root and it must be almost the same with towelroot:
What z4root (or any other rooting program) does it runs some exploit to change its own uid (user-id) to 0 (root). You can think of it as of performing some kind of hack and tricking kernel into thinking it actually has the right to be root (then if z4root was a virus it could do everything with your phone from installing keyloggers to bricking it). Of course if it is possible to trick kernel in such a way to give you root access it is considered a security vulnerability (any app could do that and perform some malicious stuff) and usually gets fixed in future kernel updates (that's why z4root may not work if you upgrade your firmware).
When z4root has set its uid to 0 it does the following: remounts /system partition as writable (by default it's read-only), copies over su binary, Superuser.apk and busybox and then remounts /system back as read-only.
So how does the su binary give you root access without doing "the hack" thing when normally applications have same uid as parent process? This is because su binary has set-uid flag set and is always ran as uid 0 (root).
Now, if you have copied su binary over to /system/bin then you must have had root access which means you have to change owner/permissions (chown root:root /system/bin/su; chmod 6755 /system/bin/su). .."
from - http://forum.xda-developers.com/showpost.php?p=53492633&postcount=71 (i'm going to thank him after this post)
we know busybox on the linux desktop is simply a window manager, like fluxbox, like what i use, openbox, or metacity, etc, they all make Lo calls...
this exploit is a 2-3 step exploit; it CAN'T have r00t privileges w/o 1st, gaining access, which means, it must 1st be granted r00t access to network sockets (**THE** MOST DANGEROUS THING TO GRANT) TO DO the rest...
towelroot is called a root *toolkit*... lol
but, if you snatch the *tool* from root toolkit...
imaleave it alone.. lol
it's not that towelroot, was **malicious by intent** ;
i don't believe so, it was coded with good intentions, it's just had, a nasty side effect; in a nutshell -
". . .the app runs some code, the code crashed [sic] android and leave it confused, in its confused state it thinks that the app should be root, then the app installs something to allow other apps to become root..."
‘Towelroot’ exploit reveals security nightmare for Android
me.. i like to understand HOW things work, see & study the source of why it fails, or why it does things better than whatever, before simply adding it in, w/o any understanding at all of how it work.. that's just me...
like if i'm to modify the radio on the nexus 5, do i understand HOW it works better than the older or newer radio? .. many would ask "should i"?
just take it on word from others that it just works, or an issue is what it is, ther's no way around it...
sorry, i'm not built like that..
Hi,
Where I download source of exploit using CVE-2014-3153?
Thanks
Alex
Anyone happen to know where a public exploit for this can be found searched google mainly sites that talk about it but it doesn't appear to be public so i assume its still a 0day.
Guess i better check my servers kernel version and see which one my vps is running i never checked but i was curious to see just never got around to it im that lazy to ssh into my vps.
ZaraByte said:
Anyone happen to know where a public exploit for this can be found searched google mainly sites that talk about it but it doesn't appear to be public so i assume its still a 0day.
Guess i better check my servers kernel version and see which one my vps is running i never checked but i was curious to see just never got around to it im that lazy to ssh into my vps.
Click to expand...
Click to collapse
I couldn't find the source to any, but it would be simple to check your kernel version and update it!
Sent from my RAZR M xt907 (KitStalk) using Tapatalk
Ladies and Gentlemen,
I am opening this discussion in order to not only receive some high-quality answers on the following questions, but also to learn what everyone does in order to ensure security and integrity of Apps on their phones (especially when working in environments where attacks are likely or possible due to intersting files on the phone or similar).
Here is my question: Let's suppose a phone is ROOTED, is locked with a Pattern, is updated daily, has TitaniumBackup installed, runs Trust as well as an Antivirus App and on top of that, installed Apps are monitored in a regular basis through TitaniumBackup. Is it even possible for law enforcements or hackers to install malware? If so, what would be necessary for them to do so? Physical access? Malformed Apps with matching signature? Other types of attacks (encouraging @He3556 the owner of Smartphone Attack Vector to chime in)?
Second question (hope @jcase can answer this): What would be the best way of preventing attacks of afforementioned groups and alike? What do YOU personally do?
SecUpwN said:
Ladies and Gentlemen,
I am opening this discussion in order to not only receive some high-quality answers on the following questions, but also to learn what everyone does in order to ensure security and integrity of Apps on their phones (especially when working in environments where attacks are likely or possible due to intersting files on the phone or similar).
Here is my question: Let's suppose a phone is ROOTED, is locked with a Pattern, is updated daily, has TitaniumBackup installed, runs Trust as well as an Antivirus App and on top of that, installed Apps are monitored in a regular basis through TitaniumBackup. Is it even possible for law enforcements or hackers to install malware? If so, what would be necessary for them to do so? Physical access? Malformed Apps with matching signature? Other types of attacks (encouraging @He3556 the owner of Smartphone Attack Vector to chime in)?
Second question (hope @jcase can answer this): What would be the best way of preventing attacks of afforementioned groups and alike? What do YOU personally do?
Click to expand...
Click to collapse
Pe rooted, with common rooted apps installed? Would be easy to compromise that phone, as you have already done it for them.
Use a stock firmware, chose a vendor with a recent history of good security (Samsung, nexus, motorola in that order imo), keep it up to date, reduce the number of apps you run, don't root it. Disabled usb debugging.
jcase said:
Pe rooted, with common rooted apps installed? Would be easy to compromise that phone, as you have already done it for them.
Use a stock firmware, chose a vendor with a recent history of good security (Samsung, nexus, motorola in that order imo), keep it up to date, reduce the number of apps you run, don't root it. Disabled usb debugging.
Click to expand...
Click to collapse
Thanks for answering. So that means, in short words, buy a phone and only update official stuff. How boring, I wouldn't be here on XDA then! But I get your point. I'm especially interested in the question of detection. If such agencies have installed anything that would leak data (and I'm sure it's fairly easy to do for them), how would they hide that specific App from the list of TitaniumBackup? Also, how would they trick the Trust Even Logger created by @Dark3n to not show any installation?
Most importantly though, is there some way of detecting such installations or manipulations afterwards?
There is growing so called "Zero-Day-Exploit" Industry, with names like vupen or FinFisher , the one who are working for the German Gov. but also for countries like Saudia Arabia and Iran. They know how to find exploits, nobody knows about (zero-day) and program trojans for all kinds of platforms. So antivirus software can't help here. And it is easy to bypass security if you know one of the bugs - and we know there are many of them in firmware, operating systems, plugins, frameworks and so on... Beside this "white" marked there is also a grey and black marked. So if you need to track your woman or steal information from other companies, you will find somebody with a tool for that, i suppose.
You would need a "Intrusion Detection Software" - sorry but this won't work for Smartphones, because there is a lot of calculation, data and energy needed - you find this special hardware in big data centers.
Do not root and do not install Apps you don't really need is still a good advice, specially when people don't know so much about all this.
Another way to sneak in is to compromise the users pc, that is (maybe) connected to the phone sometimes (work with iphone sync but also with android to change DNS and get SMS with e-tan's - you will find more info it in the media)
Or if you have the "power" you can can use the cloud services (iOS, Google, Windows or other 3rd party services) to steal user data (sms, pictures, GPS history...) or just let it sync the malware to the phone. So you don't have to break in directly.
What would be the best way of preventing attacks of afforementioned groups and alike?
Click to expand...
Click to collapse
tomorrow i will have time, there are to many possibilities
Thanks for clarifying, @He3556!
Now I know that phones in general are hard to lock down for such agencies. Time to quote myself:
SecUpwN said:
Most importantly though, is there some way of detecting such installations or manipulations afterwards?
Click to expand...
Click to collapse
Hey @He3556, if you've been following security news the past weeks, this topic here is becoming more relevant with each revelation. Since the trojan-coding company FinFisher has highly likely been hacked and some cool whisteblowers are publishing very sensitve data like price lists and handbooks on their Twitter account GammaGroupPR, more details of their secret software FinSpy Mobile is being revealed. And this is exactly the type of software that I am talking about here in this thread. I want to know how users can protect themselves from crap like that. According to the video that has been leaked, It is being installed through a fake update, or even through messages via E-Mail to "please" install this "very important update":
And just to make everyone more curious, FinSpy Mobile has been leaked on Twitter! It obviously works for all operating systems, including Android, Blackberry, Windows Mobile, and Symbian. Another trophy is source code of FinFly Web, which found its way the code hosting platform GitHub. It is designed to provide remote and covert infection of a Target System by using a wide range of web-based attacks. FinFly Web provides a point-and-click interface, enabling the Agent to easily create a custom infection code according to selected modules. Target Systems visiting a prepared website with the implemented infection code will be covertly infected with the configured software. Regarding FinSpy Mobile and similar software: How would law enforcements possibly attack a cautious member of XDA (or any other site)? I mean, people that have been in the field of flashing new ROMs, updating their firmware and recovery themselves, not installing strange APKs sent via E-Mail and controlling installed Apps through TitaniumBackup should be somewhat immune to such type of attacks, right?
It appears to me as if their software might work for the general masses, but highly-likely not on people like @jcase or other Android security-gurus. Since I linked you, I'd be very happy if you could expand on that a little. I am sure such companies might even have the possibility of messing with the baseband of a target phone through only knowing the phone number of a target. But I am really curious what their "standard procedure" is if they face a target with thorough Android knowledge, maybe even a security-enthusiastic Android developer. Wouldn't their only option be to manually manipulate the handset?
There are two methods to keep away all kinds of trojan and malware...
1. use a SIM with data connections only: There are SIM cards on the marked you can use in a USB Stick for Notebooks or tablets.
You won't have a cell phone number and can't receive SMS. You won't be able to use the circuit switched (GSM & UMTS-cs) part of your cell phone. For communication you have to use a VoIP provider - with Secure SIP and SRTP.
2. Web browser, Apps, e-mail client and all other connection must be use VPN.
But there is one more stepp to take.
The virtualization of all services and Apps you are using. This works like Team Viewer on a PC. The App is running on a cloud server while you only see the desktop of the remote controlled application. This technique is already used when you want to use flash with iOS device (photon, cloudbrowse, puffin and so on..)
More details about this you can find here: http://itwatch.info/Products/ReCAppS
But i am sure there are more projects about this out there...
He3556 said:
There are two methods to keep away all kinds of trojan and malware...
1. use a SIM with data connections only: There are SIM cards on the marked you can use in a USB Stick for Notebooks or tablets.
You won't have a cell phone number and can't receive SMS. You won't be able to use the circuit switched (GSM & UMTS-cs) part of your cell phone. For communication you have to use a VoIP provider - with Secure SIP and SRTP.
Click to expand...
Click to collapse
I know this works, but the only guy who is so insane and is already doing that is probably @InvaderX.
Honestly, what's the purpose of a phone if I can't receive SMS and call anyone without internet connection?
He3556 said:
2. Web browser, Apps, e-mail client and all other connection must be use VPN.
But there is one more stepp to take.
The virtualization of all services and Apps you are using. This works like Team Viewer on a PC. The App is running on a cloud server while you only see the desktop of the remote controlled application. This technique is already used when you want to use flash with iOS device (photon, cloudbrowse, puffin and so on..)
More details about this you can find here: http://itwatch.info/Products/ReCAppS
But i am sure there are more projects about this out there...
Click to expand...
Click to collapse
Better yet: Living under a rock should solve all these problems. Seriously though, can such law enforcement agencies silently update stuff on my phone (possibly baseband) that goes unnoticed even when using TitaniumBackup and flashing a fresh ROM every month? From the things you mentioned as for protection, I highly doubt that I'll move that way. And no matter how hard I try, the bad guys (or, to put it in the wording of those companies: the agencies that are "protecting our freedom") will likely always find a way in - even if that means tapping the phone through listining in on my calls or deploying an IMSI-Catcher. But talking about this makes me wonder: It seems as if the probability is high that most of the time they are selling a fake update to the target. Is there a convenient way of knowing that stuff like FinSpy Mobile has been installed, where such agencies can't possibly tinker with any records of what was happening on the phone? I especially check the Trust - Event Logger by @Dark3n very often. Could they change such records? Is there a better App to warn about unauthorizes access or (hidden) App installation?
Trust is not a security app!
If an attacker has root, you can just alter the database of apps like Trust, which would be the easiest way.
There are probably also ways to alter the system so it does not broadcast certain events(which is how Trust monitors most things).
It is just not build to withstand such attacks.
SecUpwN said:
Seriously though, can such law enforcement agencies silently update stuff on my phone (possibly baseband) that goes unnoticed
Click to expand...
Click to collapse
Maybe? But there are much easier ways if it is not desired to target specific persons.
I'll brain storm a bit for you:
I would divide the attack vectors into those that work with root and those that don't.
Without root apps can still do plenty of malicious actions, including tracking your position or uploading all files on your sdcard (INTERNET;SDCARD;LOCATION permissions) etc.
If an attacker gains root permission he could install rootkits, modify existing apps, inject malicious code into dex files of installed apps etc.
Basicly do what the hell he wants.
While not using a rooted device would certainly make it more difficult to do malicious things, it's doesn't prevent it.
A normal app you install could still root your phone through vulnerabilities. It works the same way apps such as TowelRoot or ZergRush root your phone.
Downloading new apps that request root is also very dangerous ofc, once you pressed "grant", it's too late, anything could have been done. So be wary when trying out new root apps of devs you don't know/trust?
Abusing trust in existing apps is probably the biggest danger.
The most obvious danger here is downloading apps you usually trust but from unknown sources.
Sure there could be signature issues when updating over your current app, but what if you don't have it installed? I could also think about a few ways to inject malicious code without altering the signature (did not try, just a thought, might be impossible).
The issue is that you probably wouldn't even notice, as the compromised app retains it's original functionality.
Want a botnet?
Inject malicious code into a popular root up that is paid, crack it and upload it somewhere.
While this more dangerous (or worth for an attacker) with root apps, it's still viable for non root apps, just pick one that already aquires many permissions.
It's way too easy, people constantly underestimate the danger of this. It's not all about piracy it's bad, it's a barn door sized security hole.
A bit more difficult variant would be abusing known security holes in existing apps that can be root or nonroot apps, such as modifying files the other apps uses, such that it executes your malicious code for you, so some type of code injection. First thought would be looking for root apps that use scripts or binary files and then check the permissions on those files to see whether they are writeable.
Now those are all ways to target a broad mass of users.
If a single user is the target, it would be more difficult, but there are still plenty of options:
- MITM attacks at public hotspots,
- Pressuring developers of apps you use. What dev wouldn't implement a security hole into an app of his, if a guy in a black suit comes up and points a gun to his head? Well that escalated quickly... But with "secret courts" and all the **** that happens secretly sanctioned or is just done by some agencies because they are above the law, is it really such an impossible scenario? The ends justify the means? Do they?
- My favorite plan yet, making a popular app themselves that they know you will try
It is usually never impossible, just a matter of resources and whether its unfeasible to spend so many resources on that goal.
edit: So the best course of action? Don't install anything you don't trust. Don't trust the manufactor either? Install a custom ROM, but as those often use binary blobs for certain parts of the software, it's not really a 100% solution... There could also be compromising hardware built in, but now I'm really climing up the tinfoil tree, but as recents new story suggest that the NSA is intercepting hardware packets from manufactors such as cisco to modify them, what's really impossible?
TL;DR Best course of action that is feasible to adhere to is probably to just not install stuff one doesn't know or trust.
edit2: More specific answers to your questions.
You might be able to monitor files changes on an a system level, but if your attacker gains highlevel priviledges, what keeps him from changing the monitoring system?
SecUpwN said:
Seriously though, can such law enforcement agencies silently update stuff on my phone (possibly baseband) that goes unnoticed even when using TitaniumBackup and flashing a fresh ROM every month?
Click to expand...
Click to collapse
How does TiBu help prevent such injection? Flashing a new ROM would probably undo such changes, but what prevents "them" from just doing it again.
SecUpwN said:
And no matter how hard I try, the bad guys (or, to put it in the wording of those companies: the agencies that are "protecting our freedom") will likely always find a way in - even if that means tapping the phone through listining in on my calls or deploying an IMSI-Catcher.
Click to expand...
Click to collapse
This is the thing, with enough resources, there is always a way.
SecUpwN said:
It seems as if the probability is high that most of the time they are selling a fake update to the target.
Click to expand...
Click to collapse
Exactly disguising as something legit is the cheapest way, "trojan horse".
SecUpwN said:
Is there a convenient way of knowing that stuff like FinSpy Mobile has been installed, where such agencies can't possibly tinker with any records of what was happening on the phone? I especially check the Trust - Event Logger by @Dark3n very often. Could they change such records? Is there a better App to warn about unauthorizes access or (hidden) App installation?
Click to expand...
Click to collapse
I don't know any surefire way to detect this. The issue is that with enough priviledges (which can be gained without authorization, zero day exploits are worth a lot money to "agencies" as well as criminal organisations, though I'm no longer sure where the difference is), you can just clean up your track of malicious behavior.
Whoa, this has to be the longest answer I've received since registering here. Huge thanks! Grab a coffee..
Dark3n said:
Trust is not a security app!
If an attacker has root, you can just alter the database of apps like Trust, which would be the easiest way.
There are probably also ways to alter the system so it does not broadcast certain events(which is how Trust monitors most things).
It is just not build to withstand such attacks.
Click to expand...
Click to collapse
Ok, fair. Will keep it anyhow.
Dark3n said:
Maybe? But there are much easier ways if it is not desired to target specific persons.
I'll brain storm a bit for you:
I would divide the attack vectors into those that work with root and those that don't.
Click to expand...
Click to collapse
Just to mention it here: An awesome site to see which attack vectors and vulnerabilities exist is Smartphone Attack Vektor by @He3556.
Dark3n said:
Without root apps can still do plenty of malicious actions, including tracking your position or uploading all files on your sdcard (INTERNET;SDCARD;LOCATION permissions) etc.
If an attacker gains root permission he could install rootkits, modify existing apps, inject malicious code into dex files of installed apps etc.
Basicly do what the hell he wants.
Click to expand...
Click to collapse
Ok, I get the point. Also like @jcase already pointed out: If we root, we pwn ourselves. And if we don't, too.
Dark3n said:
While not using a rooted device would certainly make it more difficult to do malicious things, it's doesn't prevent it.
A normal app you install could still root your phone through vulnerabilities. It works the same way apps such as TowelRoot or ZergRush root your phone.
Downloading new apps that request root is also very dangerous ofc, once you pressed "grant", it's too late, anything could have been done. So be wary when trying out new root apps of devs you don't know/trust?
Click to expand...
Click to collapse
I only install trusted Applications.
Dark3n said:
Abusing trust in existing apps is probably the biggest danger.
The most obvious danger here is downloading apps you usually trust but from unknown sources.
Sure there could be signature issues when updating over your current app, but what if you don't have it installed? I could also think about a few ways to inject malicious code without altering the signature (did not try, just a thought, might be impossible).
The issue is that you probably wouldn't even notice, as the compromised app retains it's original functionality.
Click to expand...
Click to collapse
Guess if I use the F-Droid Store I should be pretty safe, right? But don't worry, I don't rely on it - as for me, smartphones are huge bugs with touchscreens. That is why I also built a phone signal blocking pouch for myself and friends. Further good recommendations can be found on the bottom of my GitHub.
Dark3n said:
Want a botnet?
Inject malicious code into a popular root up that is paid, crack it and upload it somewhere.
While this more dangerous (or worth for an attacker) with root apps, it's still viable for non root apps, just pick one that already aquires many permissions.
It's way too easy, people constantly underestimate the danger of this. It's not all about piracy it's bad, it's a barn door sized security hole.
Click to expand...
Click to collapse
Actually, no. I already have two or three. Or maybe even four?
Dark3n said:
A bit more difficult variant would be abusing known security holes in existing apps that can be root or nonroot apps, such as modifying files the other apps uses, such that it executes your malicious code for you, so some type of code injection. First thought would be looking for root apps that use scripts or binary files and then check the permissions on those files to see whether they are writeable.
Now those are all ways to target a broad mass of users.
Click to expand...
Click to collapse
Good to know we've come to an end here. Reading all this makes me want to throw my phone out of the window.
Dark3n said:
If a single user is the target, it would be more difficult, but there are still plenty of options:
- MITM attacks at public hotspots,
Click to expand...
Click to collapse
I DON'T use public hotspots. Why? Because you can be almost certain that stuff will be logged and analyzed once you use that. Over here in my town, we've got a HUGE Apple Store. And guess what - FREE WIFI for everyone! Yeyyy... not.
- Pressuring developers of apps you use. What dev wouldn't implement a security hole into an app of his, if a guy in a black suit comes up and points a gun to his head? Well that escalated quickly... But with "secret courts" and all the **** that happens secretly sanctioned or is just done by some agencies because they are above the law, is it really such an impossible scenario? The ends justify the means? Do they?
You are right, threats against family, friends and relatives are a no-go. If I remember correctly, something similar had happened to my beloved XDA developer @idcrisis who invented CrossBreeder. He left development of his toolset because starnge things occured in his life which he linked to his development. Shortly after leaving his project, he proposed a new license: The Aware License. Hope this guy is still living a happy life, though. Added to the above security-issues: Trust NOONE! How come? Well, just read this stunning story I discovered yesterday where a US critical infrastructure company last year revealed that its star developer had outsourced his own job to a Chinese subcontractor and was spending all his work time playing around on the internet adn surfing cat videos. ^^
Dark3n said:
- My favorite plan yet, making a popular app themselves that they know you will try
Click to expand...
Click to collapse
I don't quite get what you meanb by that. Please clarify, it sounds interesting.
Dark3n said:
It is usually never impossible, just a matter of resources and whether its unfeasible to spend so many resources on that goal.
Click to expand...
Click to collapse
The way I see it: The only thing that we have no real access to, is the baseband. I am sure that these are full of backdoors and switches for agencies that they just need to trigger - just like the Samsung Galaxy Backdoor discovered by Replicant.
Dark3n said:
edit: So the best course of action? Don't install anything you don't trust. Don't trust the manufactor either? Install a custom ROM, but as those often use binary blobs for certain parts of the software, it's not really a 100% solution...
Click to expand...
Click to collapse
Nope, I don't trust the manufacturer either. And I am SICK of bloatware! hence, I am a happy user of AOKP since several years - but regarding the binary blobs, I would certainly love to try out Replicant (sadly not yet available for the HTC One).
Dark3n said:
There could also be compromising hardware built in, but now I'm really climing up the tinfoil tree, but as recents new story suggest that the NSA is intercepting hardware packets from manufactors such as cisco to modify them, what's really impossible?
Click to expand...
Click to collapse
Nothing is impossible, everything can be done. A wise man once said: Everything you can imagine, will happen.
Dark3n said:
TL;DR Best course of action that is feasible to adhere to is probably to just not install stuff one doesn't know or trust.
Click to expand...
Click to collapse
Good advice, I already do follow that one. As already said, if I were a spy company, I'd just team up with manufacturers of basebands..
Dark3n said:
You might be able to monitor files changes on an a system level, but if your attacker gains highlevel priviledges, what keeps him from changing the monitoring system?
Click to expand...
Click to collapse
Highly-likely nothing. I already know that there is not much I can do to prevent them to get in, but at least I do want to detect them - and having such a detection mechanism raises the bar in disguising their actions even further - and who knows, maybe they're not interested anymore then?
Dark3n said:
How does TiBu help prevent such injection? Flashing a new ROM would probably undo such changes, but what prevents "them" from just doing it again.
Click to expand...
Click to collapse
Not much.
Dark3n said:
This is the thing, with enough resources, there is always a way.
Exactly disguising as something legit is the cheapest way, "trojan horse".
Click to expand...
Click to collapse
Absolutely right. But what I am really curious of: How do people from the security-community really protect their phones? Do you have friends that are using their phones to just communicate via VPN and VOIP, not sending SMS and never calling people? Perfect place for @InvaderX to chime in, he told me before to really do a combination of that approach.
Dark3n said:
I don't know any surefire way to detect this. The issue is that with enough priviledges (which can be gained without authorization, zero day exploits are worth a lot money to "agencies" as well as criminal organisations, though I'm no longer sure where the difference is), you can just clean up your track of malicious behavior.
Click to expand...
Click to collapse
Sigh.. mobile phones are a total threat to humanity, I get it..
At least I am not the only one paranoid about this kind of thing. LOL
lostangelintx said:
At least I am not the only one paranoid about this kind of thing. LOL
Click to expand...
Click to collapse
It doesn't have much to do with "Paranoia". The very reason you started to care about this, is because phones are in fact very insecure devices - most people just don't realize or care about it. Another very interesting thread I found lately: Android Security for Conscious Mind.
a tool against 0-day exploits
don't freak out to early - this tool is only for windows desktops.
But at least it shows how it could work for mobile devices, too.
It is called Enhanced Mitigation Experience Toolkit (EMET 5.0) ...is a utility that helps prevent vulnerabilities in software from being successfully exploited.
These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform.
SSL/TLS certificate pinning - This feature is intended to detect (and stop, with EMET 5.0) man-in-the-middle attacks that are leveraging the public key infrastructure (PKI).
Ok, they do not guarantee 100% security - but who could? Even this software comes from Microsoft, it's still a good solution and closes the gap between anti-virus, firewall and keeping your software updated.
Here is a test from 2010 (EMET 2.0) http://www.rationallyparanoid.com/articles/emet-testing.html
And one of 2014 http://www.offensive-security.com/vulndev/disarming-enhanced-mitigation-experience-toolkit-emet/
Does anybody know a APP for Android, iOS, WP8 or BB?
Just a small side note:
In regard to device security vs. rooting.
There are essentially 2 schools of thought. On the one side we have those who believe we should trust the device manufacturers experience and knowledge to keep malware out of AOS, and you phone from spilling your data when stolen, which also means keeping users from rooting their devices, simply because they know security better, than the average user. (I think @jcase may be one of those, but he'd have to answer for himself.) On the other hand we have people like me, who firmly believe that the best way to keep your device secure is by being rooted, since we cannot trust anyone, especially large companies who scream "TRUST US". For us, we own the device and everything it does, and that your phone should not be able to send a single photon of radiation, without your permission. Then at least we have the choice to provide our own security by Firewalls, open source baseband, and encrypted phone calls etc. So no, this is not part of the majority of phone owners. But we think it should be. So who's right? Well, we're both right of course. What we need is to be able to make this choice at the time of purchase, and independent of the device you like. To be able to choose if you have a fully open device that you can secure on your own or if you like one that is claimed as secure, but you will never be able to check or control on your own. But unfortunately, this is not possible in most circumstances.
I trust neither the ODMs, nor the custom roms. However I KNOW the average custom rom is just as if not MORE vulnerable than current stock roms, add su into the mix and it is without a doubt more vulnerable. Show me a custom rom dev that claims he ships a secure firmware, and I'll show you someone ignorant of the facts. Ask most of them what CTS is, and they will look at you like you are referencing 18th century medical terms.
That is my stance. In regards to root making a device more vulnerable, I can back that statement time and time again. From key compromises of the superuser apps, to vulnerabilities in the app, to vulns in the su binaries, to vulns in apps that typical make su requests, to stupid users who will grant it to anyone. Having any access point to "root" makes turning a small vuln to a complete compromise relatively easy.
E:V:A said:
Just a small side note:
In regard to device security vs. rooting.
There are essentially 2 schools of thought. On the one side we have those who believe we should trust the device manufacturers experience and knowledge to keep malware out of AOS, and you phone from spilling your data when stolen, which also means keeping users from rooting their devices, simply because they know security better, than the average user. (I think @jcase may be one of those, but he'd have to answer for himself.) On the other hand we have people like me, who firmly believe that the best way to keep your device secure is by being rooted, since we cannot trust anyone, especially large companies who scream "TRUST US". For us, we own the device and everything it does, and that your phone should not be able to send a single photon of radiation, without your permission. Then at least we have the choice to provide our own security by Firewalls, open source baseband, and encrypted phone calls etc. So no, this is not part of the majority of phone owners. But we think it should be. So who's right? Well, we're both right of course. What we need is to be able to make this choice at the time of purchase, and independent of the device you like. To be able to choose if you have a fully open device that you can secure on your own or if you like one that is claimed as secure, but you will never be able to check or control on your own. But unfortunately, this is not possible in most circumstances.
Click to expand...
Click to collapse
@jcase : So I think we agree on that what you say, but from another perspective, we can ask ourselves whether or not a stupid user with root, can possibly endanger a smart user with root? I think this is not generally possible, apart from some automated DDOS attack, which would ultimately originate from a smart user with root, using the stupid user as a transport.
To what extent should ODM's be able to decide who is a smart root user and stupid root user? (And regardless their decision, why should we believe them?) There may not be an answer here, but the discussion is interesting also from a political point of view. How much should the "government" be responsible for a certain individual's action, regardless of their intelligence? Personally I think they're not, and should only provide security to prevent individuals from directly hurting each other, and not preventing them from hurting themselves, if they choose to do so.
Reading all this, it makes me wonder if the antivirus apps help at all..
stefeman said:
Reading all this, it makes me wonder if the antivirus apps help at all..
Click to expand...
Click to collapse
Let's put it this way.
In 6 years of heavy 24/7 PC use, my anti-virus have prevented me from a "possible" remote exploit exactly once, while having annoyed me with lengthy uninterruptible scans and ignoring my ignore settings about a 1000 times, due to adware and various other false positives. Then only god knows how many different countries governments are already present in my PC. Go figure. And yes, I have tweaked every possible setting and tried multiple well know AV's.
Forget AV's and get a good FW and with a well tuned host file, and well tuned common sense.
E:V:A said:
@jcase : So I think we agree on that what you say, but from another perspective, we can ask ourselves whether or not a stupid user with root, can possibly endanger a smart user with root? I think this is not generally possible, apart from some automated DDOS attack, which would ultimately originate from a smart user with root, using the stupid user as a transport.
To what extent should ODM's be able to decide who is a smart root user and stupid root user? (And regardless their decision, why should we believe them?) There may not be an answer here, but the discussion is interesting also from a political point of view. How much should the "government" be responsible for a certain individual's action, regardless of their intelligence? Personally I think they're not, and should only provide security to prevent individuals from directly hurting each other, and not preventing them from hurting themselves, if they choose to do so.
Click to expand...
Click to collapse
Really, I dont want to do this again, this conversation.
Most stupid people don't realize they are stupid, they assume they are smart. (We are all stupid in some regards).
I think I could endanger a user from root, pretty sure I can either screw the phone up, or possibly catch it on fire. If it had a sim in it, and was on the network I am certain I could make them regret ever rooting their device.
Here is a question, how many of you understand how these unlocks/exploits work?
I sometimes leave messages hidden in mine, and have only had ONE person reply to the hidden message, out of 100,000s of runs. People don't even know what they are running to gain root, let alone any idea what these "rom devs" do.
Open source is the answer right? Everyone can read the code, and everyone does! Thats why no backdoors or vulns have ever been in open source projects. Every open source project gets a line by line audit by a team of security professionals.</sarcasm>
I'll join back in when someone shows me a custom rom/open device that has the same or better security precautions taken by leading ODMs. Until then, it is generally just as easy or (generally) easier to abuse and exploit one of these custom roms floating around.
stefeman said:
Reading all this, it makes me wonder if the antivirus apps help at all..
Click to expand...
Click to collapse
Won't help a lick for anything originating from a government.