A Photography forum. PhotoBanter.com

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PhotoBanter.com forum » Digital Photography » Digital Photography
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Macbook users, cellphone addicts; beware the charger



 
 
Thread Tools Display Modes
  #11  
Old November 14th 18, 10:18 PM posted to rec.photo.digital
newshound
external usenet poster
 
Posts: 458
Default Macbook users, cellphone addicts; beware the charger

On 14/11/2018 19:29, nospam wrote:
In article ,
newshound wrote:

On my android phone, by default the USB port will only accept power. You
have to pull up a window and positively enable data transfer.

https://krebsonsecurity.com/2011/08/beware-of-juice-jacking/
3One attendee claimed his phone had USB transfer off and he would be
fine. Â*When he plugged in, it instantly went into USB transfer mode,2
Markus recalls.Â* 3He then sheepishly said,Â* Å’Guess that setting
doesn1t work.'2

OK so that's what the article said. I wonder what sort of cleverness it
is doing if the phone *really did* have the transfer turned off. Was it
perhaps exploiting a bluetooth or wifi vulnerability?

it likely used a usb exploit to re-enable it.

accessing data on android devices is relatively easy. for ios devices,
it's basically impossible.

That suggests they are not just accessing data, but a system function
which IMHO is much more serious.


a major problem is that android devices rarely encrypt anything because
it slows things down due to the lack of hardware encryption on most
devices, but even for those that do, encryption is usually disabled.

on ios, everything is encrypted (with hardware), so even if a rogue
device could somehow bypass user confirmation to access the data (which
is required), they still have trillions of years ahead of them to crack
the encryption.

It would be nice to think Google would work quite hard at patching such
vulnerabilities. Life has become far simpler since USB became a standard
for charging all sorts of devices. At a quick count I have well over a
dozen, and I am sure I have forgotten some.


the problem is that android device makers drop software support fairly
quickly (typically a year or two), so whatever patches google might add
may not be available for your existing phone. they hope you buy a
replacement. there's no profit in free updates.

another problem is that android device makers often make things worse
with their own additions to android, sometimes a *lot* worse, such as
this:

https://www.theregister.co.uk/2015/0...ng_fingerprint
s_as_worldreadable_cleartext/
Four FireEye researchers have found a way to steal fingerprints from
Android phones packing biometric sensors such as the Samsung Galaxy
S5 and the HTC One Max.

The team found a forehead-slapping flaw in HTC One Max in which
fingerprints are stored as an image file (dbgraw.bmp) in a open
"world readable" folder.
...
"To make the situation even worse, each time the fingerprint sensor
is used for auth operation, the auth framework will refresh that
fingerprint bitmap to reflect the latest wiped finger," the team says.

"So the attacker can sit in the background and collect the
fingerprint image of every swipe of the victim."

the level of stupidity for something like that to even be considered,
let alone actually implemented and ultimately deployed in a consumer
product is staggering.

unfortunately, nobody gives a **** and the companies are still in
business, still making products, still putting users and their data at
risk.

Fair point. My last few phones have been Moto and they are not too bad
at doing updates. And although the latest has a fingerprint sensor, that
is the only machine that I use that finger on. My wife has gone over to
iPhone and now that they have come a bit more affordable at the entry
level I might move over next time (having just got an iPad mini, which
seems pretty good, to replace a Nexus 7).
  #12  
Old November 15th 18, 08:53 AM posted to rec.photo.digital
RJH
external usenet poster
 
Posts: 228
Default Macbook users, cellphone addicts; beware the charger

On 14/11/2018 19:29, nospam wrote:
snip

https://www.theregister.co.uk/2015/0...ng_fingerprint
s_as_worldreadable_cleartext/
Four FireEye researchers have found a way to steal fingerprints from
Android phones packing biometric sensors such as the Samsung Galaxy
S5 and the HTC One Max.

The team found a forehead-slapping flaw in HTC One Max in which
fingerprints are stored as an image file (dbgraw.bmp) in a open
"world readable" folder.



Good grief

--
Cheers, Rob
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Nikon Users Beware of Memory Card Shortage android Digital Photography 1 February 16th 18 02:09 PM
iPhone addicts cut-back on their children's food to afford latestiPhone PeterN[_6_] Digital Photography 0 August 30th 16 11:17 PM
New Zeisses for iPhone addicts android Digital Photography 0 January 11th 16 03:21 PM
Tenergy T6278 Universal Smart Charger, Finally a Good Charger forC & D NiMH cells SMS Digital Photography 0 July 9th 08 01:03 AM
Beware! Panasonic BQ-380 charger! Robert Scott Digital Photography 9 March 5th 05 02:55 PM


All times are GMT +1. The time now is 10:28 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PhotoBanter.com.
The comments are property of their posters.