Viewing a single comment thread. View all comments

kore wrote

do you have specific references where i can learn about this? in terms of mobile phones, who knows what goes on in the baseband but i would love to see proof of concept attacks based on the ways you mentioned

3

celebratedrecluse wrote (edited )

https://web.archive.org/web/20200411222306/https://securityaffairs.co/wordpress/101094/malware/android-apps-hidden-backdoors.html

https://blogs.fsfe.org/larma/2017/signal-backdoors/

https://www.reddit.com/r/privacy/comments/3srhxh/signal_on_android_google_play_services/

https://www.makeuseof.com/tag/7-free-google-services-that-cost-you-battery-life-privacy-android/

https://www.huffpost.com/entry/why-googles-spying-on-use_b_3530296

https://securitywithoutborders.org/blog/2019/03/29/exodus.html

https://www.schneier.com/blog/archives/2019/06/backdoor_built_.html

https://www.bleepingcomputer.com/news/security/second-chinese-firm-in-a-week-found-hiding-backdoor-in-firmware-of-android-devices/

https://www.bloomberg.com/news/articles/2013-07-03/security-enhanced-android-nsa-edition (this is hypothetical, but if USA intelligence provides code with unknown backdoors they have developed, even open sourcing the code would not necessarily expose the vulnerabilities as the tools to break into devices may be uniquely developed by the NS agency. This was also right around the Snowden leaks time)

https://www.theverge.com/2013/6/6/4403868/nsa-fbi-mine-data-apple-google-facebook-microsoft-others-prism

https://proclivitiesprinciplewisdom.wordpress.com/2019/05/24/global-surveillance-infrastructure-used-by-fbi-cia-and-nsa/

Google Play Services alone basically fucks up any possible security on the vast majority of Android devices. Don't use android.

https://gs.statcounter.com/android-version-market-share/mobile-tablet/worldwide

As far as old versions, phones are locked to certain versions of android in order to motivate people to buy the new ones. There are old phones out there still running android 4 and 5, although most are between 6 and 9. This means a substantial portion of android phones do not have any mac randomization, for instance. As far as security maintenance, that stops after 2-3 years tops, and is dependent on both Google and the manufacturer collaborating to maintain the devices. Therefore only Pixel phones of recent purchase are "secure", which entails of course handing over even more of your digital information and private life to a single USA company (Google)

https://www.tomsguide.com/us/old-phones-unsafe,news-24846.html

2

kore wrote

thank you very much, i will check these out!

1