
SoylentNews is people

posted by janrinok on Tuesday October 08 2019, @02:28AM
from the you-can-trust-your-friends,-right? dept.

Submitted via IRC for carny

Millions Of Android Phones Are Vulnerable To Israeli Surveillance Dea...

Google issued an alert overnight about a fresh vulnerability affecting hundreds of millions of Android phones, including its own Pixel 1 and 2 devices. According to Google security researcher Maddie Stone, the weakness is actively being used against targets of the Israeli spyware dealer NSO Group.

If you own any of the following phones, your device likely remains vulnerable today as patches are not yet available: the Google Pixel 1 and 2, Huawei P20, Xiaomi Redmi 5A, Xiaomi Redmi Note 5, Xiaomi A1, Moto Z3, Oreo LG phones and the Samsung S7, S8, S9 models. Those are some of the most popular Android phones in existence today. Huawei has shipped over 16 million P20 smartphones around the world, according to the Chinese company's figures from the end of 2018. (A source told Forbes after publication that the number of affected devices is likely much higher, as those were the only ones that Google had been able to test.)

[...] The problem was defined by Stone as a kernel privilege escalation bug, which means it provided a way for a hacker who'd already found a way onto the device to get deeper access, right into the heart of the Android operating system. Getting control of the kernel allows a hacker to do almost whatever they like on the phone, grabbing much of the data within. Whoever was exploiting the vulnerability would have likely used other bugs, combining them in what's known as an "exploit chain" to completely own an Android device remotely. That is, after all, what NSO trades in; it's built a reputation for being able to remotely target and take over smartphones, but its reported sales of this technology to Mexico and the U.A.E. have put it at the center of a storm over privacy and surveillance.

  • (Score: 2) by RS3 on Tuesday October 08 2019, @01:09PM (2 children)

    by RS3 (6367) on Tuesday October 08 2019, @01:09PM (#904039)

    Being somewhat of a latecomer to smartphones, I'm a little confused by some phone terminology: ROM. As an EE, I know a ROM to be Read Only Memory. NOT programmable, not alterable. But I've uploaded bootloaders, "ROMs", etc., to phones.

    Is phone ROM actually FLASH that's supposedly protected while OS is running? (Because if that's the case, then there is obviously a mechanism to write the "ROM"...)

    Or something else?

  • (Score: 2) by All Your Lawn Are Belong To Us on Tuesday October 08 2019, @01:58PM

    by All Your Lawn Are Belong To Us (6553) on Tuesday October 08 2019, @01:58PM (#904069) Journal

    Regarding smartphones specifically this is the blind leading the blind. Generally, though, I think you have the thought precisely.

    "ROM" is used synonymously with EPROM/EEPROM and variations thereof on the level we're thinking. Strictly "ROM" is something that once it's burned to the chip surface at manufacture there is no changing it. If you can change it then it isn't ROM although it may be some form of PROM.

    Now whether there are actual ROM elements which absolutely cannot be changed I can't say. I'm thinking the boot hardware interface level could potentially be something that nobody expects to change for a given phone, and a PROM layer over that for how the OS might interact with that, but such a thing might not actually exist.

    Now that I've made (somewhat) definitive statements somebody can call me wrong and we'll both know. :)

    --
    This sig for rent.
  • (Score: 2) by c0lo on Tuesday October 08 2019, @02:11PM

    by c0lo (156) Subscriber Badge on Tuesday October 08 2019, @02:11PM (#904080) Journal

    Is phone ROM actually FLASH that's supposedly protected while OS is running?

    The only requirements for a firmware are to last over a total power off and be addressed by CPU as memory, i.e. use non-volatile memory; nothing changed in EE, still no magic involved.

    Now, if you want the firmware to be upgradeable, yes you'll need something that is writable in the conditions you want to be able to "upgrade" the firmware - that is: erase the old one and write the new one. Since firmware is "mostly read", you may want to look at non-volatile memory with low energy consumption at read. Cheap too if you want a good profit margin.
    So, without being 100% sure, it's very likely a smartphone firmware is stored in flash nowadays.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford