If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#11
|
|||
|
|||
Macbook users, cellphone addicts; beware the charger
On 14/11/2018 19:29, nospam wrote:
In article , newshound wrote: On my android phone, by default the USB port will only accept power. You have to pull up a window and positively enable data transfer. https://krebsonsecurity.com/2011/08/beware-of-juice-jacking/ 3One attendee claimed his phone had USB transfer off and he would be fine. Â*When he plugged in, it instantly went into USB transfer mode,2 Markus recalls.Â* 3He then sheepishly said,Â* Å’Guess that setting doesn1t work.'2 OK so that's what the article said. I wonder what sort of cleverness it is doing if the phone *really did* have the transfer turned off. Was it perhaps exploiting a bluetooth or wifi vulnerability? it likely used a usb exploit to re-enable it. accessing data on android devices is relatively easy. for ios devices, it's basically impossible. That suggests they are not just accessing data, but a system function which IMHO is much more serious. a major problem is that android devices rarely encrypt anything because it slows things down due to the lack of hardware encryption on most devices, but even for those that do, encryption is usually disabled. on ios, everything is encrypted (with hardware), so even if a rogue device could somehow bypass user confirmation to access the data (which is required), they still have trillions of years ahead of them to crack the encryption. It would be nice to think Google would work quite hard at patching such vulnerabilities. Life has become far simpler since USB became a standard for charging all sorts of devices. At a quick count I have well over a dozen, and I am sure I have forgotten some. the problem is that android device makers drop software support fairly quickly (typically a year or two), so whatever patches google might add may not be available for your existing phone. they hope you buy a replacement. there's no profit in free updates. another problem is that android device makers often make things worse with their own additions to android, sometimes a *lot* worse, such as this: https://www.theregister.co.uk/2015/0...ng_fingerprint s_as_worldreadable_cleartext/ Four FireEye researchers have found a way to steal fingerprints from Android phones packing biometric sensors such as the Samsung Galaxy S5 and the HTC One Max. The team found a forehead-slapping flaw in HTC One Max in which fingerprints are stored as an image file (dbgraw.bmp) in a open "world readable" folder. ... "To make the situation even worse, each time the fingerprint sensor is used for auth operation, the auth framework will refresh that fingerprint bitmap to reflect the latest wiped finger," the team says. "So the attacker can sit in the background and collect the fingerprint image of every swipe of the victim." the level of stupidity for something like that to even be considered, let alone actually implemented and ultimately deployed in a consumer product is staggering. unfortunately, nobody gives a **** and the companies are still in business, still making products, still putting users and their data at risk. Fair point. My last few phones have been Moto and they are not too bad at doing updates. And although the latest has a fingerprint sensor, that is the only machine that I use that finger on. My wife has gone over to iPhone and now that they have come a bit more affordable at the entry level I might move over next time (having just got an iPad mini, which seems pretty good, to replace a Nexus 7). |
#12
|
|||
|
|||
Macbook users, cellphone addicts; beware the charger
On 14/11/2018 19:29, nospam wrote:
snip https://www.theregister.co.uk/2015/0...ng_fingerprint s_as_worldreadable_cleartext/ Four FireEye researchers have found a way to steal fingerprints from Android phones packing biometric sensors such as the Samsung Galaxy S5 and the HTC One Max. The team found a forehead-slapping flaw in HTC One Max in which fingerprints are stored as an image file (dbgraw.bmp) in a open "world readable" folder. Good grief -- Cheers, Rob |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Nikon Users Beware of Memory Card Shortage | android | Digital Photography | 1 | February 16th 18 01:09 PM |
iPhone addicts cut-back on their children's food to afford latestiPhone | PeterN[_6_] | Digital Photography | 0 | August 30th 16 11:17 PM |
New Zeisses for iPhone addicts | android | Digital Photography | 0 | January 11th 16 02:21 PM |
Tenergy T6278 Universal Smart Charger, Finally a Good Charger forC & D NiMH cells | SMS | Digital Photography | 0 | July 9th 08 01:03 AM |
Beware! Panasonic BQ-380 charger! | Robert Scott | Digital Photography | 9 | March 5th 05 01:55 PM |