[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Replicant devs find Samsung Galaxy backdoor

To: list@xxxxxxxxxxxxx
Subject: Re: [LUG] Replicant devs find Samsung Galaxy backdoor
From: Philip Hudson <phil.hudson@xxxxxxxxx>
Date: Thu, 13 Mar 2014 19:43:05 +0000
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:content-type; bh=RVHGDkJZ/2zSku+O0aA5WZtIBWcSyDTSIO1ppHd5QAs=; b=pz3aV3ZYhrep9974JIWaA3B0d2TSSBurm7Vd15SF8CRzQseMb5KCe6qau7rilqHVva ZP9BniHz1iB6MdD++lhndMxnNssN5WT40ACn/0w1C9kehxuXyQmlo8EovHSgHTugC6O4 wmajX45lesHqvYFH85DczwX/tk5wsU4eMsO9UhAa1UgsrnHQpqaIF9Eq3Yjkq1U1LGIg +rltqPI3434V40/XnFMk6B2aO6KsTVB6t1lWea/6Awtc9MtnpAhypM1Vc8hATfzMj0PN FdhMH/fJc7eTrF+FXyJDddnT5qu4fR29WuvQ89Nlwr6haF63xF9u0SEnRLUIaOx9GOVK FIHA==

Excellent discussion, thanks. I agree with the commenter who says the
author is under-excited. He seems to be saying in his point 1 that
absence of evidence is evidence of absence, which is just nonsense, as
he ought to know, and which misses the point that it is vulnerability
to exploits that matters, not existence-proven exploits. All of his
remaining rebuttal seems overly complacent, especially the absurd
claim that files on the SD card are not sensitive. It's such a poor
rebuttal that I wonder why they went to him and why they published it.
I guess he makes one point about which the Replicant devs could and
should have been clearer, and that is that an exploit would run as a
non-admin user with presumably limited permissions in most
directories, but as those permissions would often include reading, and
as other classes of exploits might elevate permissions, it is scant
comfort.

There is a real vulnerability here. Samsung inserted it and only they
can fix it, thanks to the wonders of proprietary software. It is
entirely fair to say that you're better off running Replicant (or
stock Android).

On 13 March 2014 18:52, Martijn Grooten <martijn@xxxxxxxxxxxxxxxxxx> wrote:
> On Thu, Mar 13, 2014 at 11:36:49AM +0000, Philip Hudson wrote:
>> Replicant developers find and close Samsung Galaxy backdoor -- Free
>> Software Foundation -- working together for free software
>> https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor
>
> Not everyone agrees about how much of a backdoor this really is:
>
> http://arstechnica.com/security/2014/03/virtually-no-evidence-for-claim-of-remote-backdoor-in-samsung-galaxy-phones/
>
> Martijn.
>
>
> --
> The Mailing List for the Devon & Cornwall LUG
> http://mailman.dclug.org.uk/listinfo/list
> FAQ: http://www.dcglug.org.uk/listfaq

-- 
Phil Hudson                  http://hudson-it.no-ip.biz
@UWascalWabbit                 PGP/GnuPG ID: 0x887DCA63

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

References:
- [LUG] Replicant devs find Samsung Galaxy backdoor
  - From: Philip Hudson
- Re: [LUG] Replicant devs find Samsung Galaxy backdoor
  - From: Martijn Grooten

Prev by Date: Re: [LUG] [OT] European Parliament stands up to US spooks
Next by Date: Re: [LUG] [OT] European Parliament stands up to US spooks
Previous by thread: Re: [LUG] Replicant devs find Samsung Galaxy backdoor
Next by thread: [LUG] SIP test call?
Index(es):
- Date
- Thread