technology

>> No. 24774 Anonymous
3rd November 2015
Tuesday 10:49 am
24774 New phone
So my Three contract (24m One Plan at £33.50pm) is finally bloody ending and I'd rather not keep paying for this lacklustre Galaxy S4. It's caused me more bother than good.

Do any of you chaps have recommendations for a more modern handset, perhaps on contract at a lesser price? Stock Android is a bonus. Expandable memory is a must.
72 posts omitted. Last 50 posts shown.
>> No. 25819 Anonymous
16th February 2017
Thursday 6:32 pm
http://www.theregister.co.uk/2016/11/15/android_phoning_home_to_china/
>> No. 25820 Anonymous
16th February 2017
Thursday 9:12 pm
>>25817
You don't even need some rogue factory or whatever to do the hardware modifications in some cases. Mediatek (a huge company who make SoCs for a bunch of Chinese budget phone manufacturers) shipped a chip with debugging tools which allowed attackers to gain root access.
>> No. 25821 Anonymous
16th February 2017
Thursday 9:13 pm
>>25817

> pwn

Ok, now I realise that I'm dealing with a moron.

Regardless, the link included reinforces my point; hardware level backdoors (whether of a level of complexity that I described or of a HIGHER complexity as is shown in the provided link) are used in highly targeted operations and not mass distributed in consumer devices.

>>25818
>>25819

Both of these would be completely removed by unlocking the bootloader and flashing a new OS over the top exactly as I originally suggested.

Rage and sage for steam from my ears.
>> No. 25822 Anonymous
16th February 2017
Thursday 9:20 pm
>>25821
>Both of these would be completely removed by unlocking the bootloader and flashing a new OS over the top exactly as I originally suggested.
And, again, then you'd have to hope that whoever made the new OS didn't use compromised portions of the original in writing it, and that they're not incompetent or malicious enough to introduce too many new ones!
>> No. 25823 Anonymous
16th February 2017
Thursday 11:42 pm
>>25821

>Ok, now I realise that I'm dealing with a moron.

No ladm8palmuckersunshine.

The document I linked to describes a highly indiscriminate attack. The Microsemi ProASIC3 is not a particularly specialised chip. It's a common, versatile and relatively low-cost logic array that goes into all sorts of low-volume production hardware. Digikey and Mouser have reels of them in stock - you can buy one online for about a fiver.

The researchers found that someone had interfered with the production process of this chip to subvert the security of every single chip coming off the production line. You can't insert a backdoor in one chip, it's physically impossible. You tamper with the HDL used to produce the maskset, embedding the backdoor in every chip.

Now consider the SoCs and baseband processors used in modern phones. They have a transistor count in the millions. They use intellectual property provided by many different companies. They're complex enough as to be essentially impossible to audit, even in the early stages of development. They're produced by one of a handful of companies, all based within spitting distance of each other in Taiwan and Shenzhen. The behaviour of a chip is essentially opaque, because you can only see what the designer chooses to expose via JTAG or what you can figure out with an electron microscope and a vat of boiling nitric acid.

The NSA spends hundreds of millions of dollars on BULLRUN, a program designed solely to embed vulnerabilities in commercial products. Their core operational strategy is to collect everything, everywhere then sift through it to find their targets. They put optical taps on undersea cables, their listening sites capture everything from DC to daylight, they monitor every phone line in the developed world. What are the odds that they haven't bribed an ARM partner to embed some dodgy logic in an IP block, that they don't have a man on the inside at Gemalto or Qualcomm, that they haven't used some classified bit of pure maths to tamper with the Verilog standards?
>> No. 25824 Anonymous
17th February 2017
Friday 2:58 pm
>>25823

> The NSA spends hundreds of millions of dollars on BULLRUN, a program designed solely to embed vulnerabilities in commercial products. Their core operational strategy is to collect everything, everywhere then sift through it to find their targets. They put optical taps on undersea cables, their listening sites capture everything from DC to daylight, they monitor every phone line in the developed world. What are the odds that they haven't bribed an ARM partner to embed some dodgy logic in an IP block, that they don't have a man on the inside at Gemalto or Qualcomm, that they haven't used some classified bit of pure maths to tamper with the Verilog standards?

You're right, but none of that makes a Chinaphone any more or less secure or insecure than any commercial computer or smartphone, which was the whole point of my original umbrage with post >>25807.

>>25822

Likewise, if you think CyanogenMod or CopperheadOS is inherently less secure than vanilla Android or whatever bullshit an OEM decided to flash on their phones then you're utterly wrong.
>> No. 25825 Anonymous
17th February 2017
Friday 5:10 pm
>>25824
>none of that makes a Chinaphone any more or less secure or insecure than any commercial computer or smartphone
Yes, it does, because we're talking about speculative backdoors vs backdoors which we absolutely know exist and are routinely found by white hat researchers with no profit motive.
>> No. 25826 Anonymous
17th February 2017
Friday 7:15 pm
>>25825

I've personally found obvious bugdoors in default Android libraries, there is no speculation here.
>> No. 25827 Anonymous
17th February 2017
Friday 7:41 pm
>>25826
The speculation in question is that western intelligence agencies have backdoors designed into devices. Given the debacle between Apple and federal investigators over the San Bernardino shooter's phone last year, and given the fact that they're plenty good at getting the data they want on the backend or over networks, I'm inclined to believe they don't. Which isn't to say it would be hugely surprising if they did.

But we 100% know that Chinese manufacturers have done this, do this, and will continue to do this (https://arstechnica.com/security/2016/05/chinese-arm-vendor-left-developer-backdoor-in-kernel-for-android-pi-devices/ http://www.theregister.co.uk/2016/02/02/chip_chomped_as_devs_debug_backdoor_found_in_android_phones/ http://news.softpedia.com/news/backdoor-discovered-in-some-foxconn-made-android-smartphones-509271.shtml https://www.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/)

And they do so in so sloppy a way that white hat researchers who go looking find them in hours, meaning it's safe to assume that plenty are also being found by malware authors with no incentive to disclose them.

Sure, you can change the software and there's a decent chance you'll get around it. Alternatively, you could just buy a phone that isn't fucking broken in the first place.
>> No. 25828 Anonymous
17th February 2017
Friday 8:11 pm
>The researchers found that someone had interfered with the production process of this chip to subvert the security of every single chip coming off the production line. You can't insert a backdoor in one chip, it's physically impossible. You tamper with the HDL used to produce the maskset, embedding the backdoor in every chip.

Hang on a minute - where is this asserted to be anything other than an Actel debug channel? Ill-advised, certainly, but I don't see a third party being involved. (And I actually paid those guys to crack a chip, for commercial reasons. We had the rights, but not the source. It was interesting.)
>> No. 25829 Anonymous
17th February 2017
Friday 8:15 pm
The way I see it: China is far away and can't do anything to me. I live in the UK, and the spooks here can put me in a gym bag. So the best option is the Chinese phone.
>> No. 25830 Anonymous
17th February 2017
Friday 8:50 pm
>>25829
Western spooks are going to get their hands on your data anyway if you're using western networks. It isn't either/or, it's one or both.

And the people exploiting the holes left in the security by Chinese manufacturers most certainly can do plenty to you.
>> No. 25831 Anonymous
17th February 2017
Friday 9:20 pm
>>25830
Better safe than sorry. I'd rather have someone far, far away snoop on me.
>> No. 25832 Anonymous
17th February 2017
Friday 9:27 pm
>>25831
Again, this isn't an either/or situation...
>> No. 25833 Anonymous
17th February 2017
Friday 9:50 pm
>>25832
Better safe than sorry, lad.
>> No. 25834 Anonymous
17th February 2017
Friday 10:04 pm
>>25833
Who do you think manufactures and supplies the gym bags?
>> No. 25835 Anonymous
17th February 2017
Friday 10:55 pm
>>25834
Yes but they don't make it for human beings to be stuffed into them.
>> No. 25836 Anonymous
17th February 2017
Friday 10:58 pm
>>25835
Are you sure about that?
>> No. 25837 Anonymous
17th February 2017
Friday 11:28 pm
>>25833
I don't get what you think is "safe" here.
>> No. 25838 Anonymous
18th February 2017
Saturday 12:27 am
>>25837
The idea that Chinese spooks watching me is better than American spooks watching me.
>> No. 25839 Anonymous
18th February 2017
Saturday 1:19 am
>>25838
And NSA/GCHQ can watch you either way. As I said, it's not either/or, it's one or both.

The myriad backdoors discovered by people with nothing like the resources of a state show that "spooks" are the least of your worries with Chinese phones, in any case.
>> No. 25840 Anonymous
18th February 2017
Saturday 2:22 am
>>25839
They can have as many back doors for the Chinese spooks to exploit for all I care. I care about here. So... Better safe than sorry, lad.
>> No. 25841 Anonymous
18th February 2017
Saturday 3:18 am
>>25840
The point is that regardless of who they're "for", they're poorly implemented enough that researchers looking for them often find and disclose them, meaning you can guarantee people with less benevolent goals are finding them and keeping the news to themselves so they can collect and sell on data or use payment information themselves.

And on top of that, you're using networks operated by companies which are wholly willing to co-operate fully with the spooks "here".

So you're not "safe", quite the opposite.
>> No. 25842 Anonymous
18th February 2017
Saturday 3:34 am
>>25841
The more people that have access to it, the better. It is not really a secret if everyone knows now, is it? Better safe than sorry, mate.
>> No. 25843 Anonymous
18th February 2017
Saturday 12:22 pm
>>25842
In that case, let's make sure your card details are safe. Just tell us the long number on the front, your name as it appears, the expiry date and the three digits on the back. Better safe than sorry, innit.
>> No. 25844 Anonymous
18th February 2017
Saturday 3:10 pm
>>25843
No that's not better safe than sorry, mate.
>> No. 25845 Anonymous
18th February 2017
Saturday 5:50 pm
>>25844
But if you don't tell us your details, how are we supposed to recognise them as yours when we see them? You'll be sorry then, m7.
>> No. 25846 Anonymous
18th February 2017
Saturday 5:56 pm
>>25845
No mate, if you take millions more details plus mine, then it is okay. Better safe than sorry, right?
>> No. 25847 Anonymous
18th February 2017
Saturday 5:58 pm
>>25846
You know what they say. A journey of a million miles starts with a single step. Now hurry, before the Chinese get their hands on them, otherwise you'll be paying for all sorts of crazy fetish porn without even getting to see it.
>> No. 25848 Anonymous
18th February 2017
Saturday 6:33 pm
>>25847
No mate, you should do it all in one go, not one by one. Better safe than sorry.
>> No. 25850 Anonymous
19th February 2017
Sunday 2:11 am
The only information I have been able to glean from this thread is that it is indubitably better to be safe than to be sorry.

A lesson well learned, thanks everyone.
>> No. 25851 Anonymous
19th February 2017
Sunday 2:22 am
25851 Build the wall
>>25850

> it is indubitably better to be safe than to be sorry
>> No. 25960 Anonymous
16th July 2017
Sunday 3:26 pm
So what's the best value for money smartphone knocking on the market these days?
>> No. 25961 Anonymous
16th July 2017
Sunday 5:12 pm
>>25960

If you're happy to wait a couple of weeks for a phone from China, then a Xiaomi Redmi 4x or Redmi Note 4 global edition. If you want something available locally, then a Motorola E4 or E4 Plus. They're very similar phones, but the Xiaomi phones are cheaper and better.

https://www.banggood.com/Xiaomi-Redmi-4X-Global-Edition-5_0-inch-3GB-RAM-32GB-ROM-Snapdragon-435-Octa-core-4G-Smartphone-p-1141850.html

https://www.banggood.com/Xiaomi-Redmi-Note-4-Global-Edition-5_5-inch-3GB-RAM-32GB-ROM-Snapdragon-625-Octa-core-4G-Smartphone-p-1129991.html

https://www.amazon.co.uk/Motorola-Moto-E4-SIM-Free-Smartphone-Grey/dp/B0711SHYS8
>> No. 25962 Anonymous
16th July 2017
Sunday 5:47 pm
>>25961

Amazing, cheers. Just ordered the Redmi 4x - looks like it has similar specs to an iPhone 7 in a £100 phone, fucking hell. Hope the delivery time won't be too ridiculous.
>> No. 25963 Anonymous
16th July 2017
Sunday 5:47 pm
Don't get a Chinese phone.
>> No. 25964 Anonymous
16th July 2017
Sunday 5:48 pm
>>25963
Why don't you expand on that, you fucking twat.
>> No. 25965 Anonymous
16th July 2017
Sunday 5:49 pm
>>25964
Because it's been well addressed previously in the thread?
>> No. 25966 Anonymous
16th July 2017
Sunday 7:24 pm
>>25965
Then don't shout about it since it is "already in the thread."
>> No. 25967 Anonymous
16th July 2017
Sunday 9:17 pm
>>25966
It's a reminder, and it's not shouting. Don't have a teary mate.
>> No. 25968 Anonymous
16th July 2017
Sunday 9:24 pm
>>25967
You don't tell me what to do mate.
>> No. 25969 Anonymous
16th July 2017
Sunday 9:43 pm
>>25968

Keep sticking up for yourself.
>> No. 25970 Anonymous
16th July 2017
Sunday 11:02 pm
Steady on lads.
>> No. 25975 Anonymous
17th July 2017
Monday 3:56 pm
If you want my advice OP I think you should avoid Chinese phones.
>> No. 25978 Anonymous
17th July 2017
Monday 6:07 pm
>>25975
Are you going to expand on that you twat?
>> No. 25979 Anonymous
17th July 2017
Monday 7:28 pm
>>25978
All the ones with Huawei chipsets are well known to be backdoor-d to fuck. They have AT commands that allow you to turn on the microphone or camera, without any indication, for instance.
>> No. 25980 Anonymous
17th July 2017
Monday 7:45 pm
>>25979

Huawei don't make SoCs or baseband chipsets.
>> No. 25981 Anonymous
17th July 2017
Monday 8:04 pm
>>25979
That's an anti-Chinese myth.

Anyway, I'd rather the Chinese than Theresa knowing what kind of porn I watch.
>> No. 25985 Anonymous
17th July 2017
Monday 10:49 pm
>>25981
As has been addressed previously, there are numerous examples of popular imported handsets from China having backdoors identified and exploited by researchers. It's not just "the Chinese" who have access to your information, it's anyone with the knowledge and incentive.
>> No. 25986 Anonymous
17th July 2017
Monday 10:52 pm
>>25980
https://en.wikipedia.org/wiki/HiSilicon
