posted by n1 on Monday June 15 2015, @08:46AM
from the marketing-1-customer-0 dept.

Just bought a FirefoxOS Revolution Geeksphone in mid-May. I mean, sure, it's buggy and needs improvement, but it's an open source, community-driven project. That is how it was presented to consumers.

It has nowhere to go but up, right? Wrong. Without any kind of transparency or openness or communication, the Geeksphone crew let us know in a one-line comment that they were orphaning all of us.

Re: Firefox OS 2.2
« Reply #3 on: June 10, 2015, 05:34:08 PM »
No sorry, all FxOs development are finished by Geeksphone.

Thanks..... ;)

And that's all, folks. Apparently. To add injury to injury, they used a locked bootloader, according to another commenter. I didn't even check on that. It's an open source project, I thought.

I'm also mad as hell. Any other Soylentils in this mess? Anybody have any ideas on a useful way forward?


  • (Score: 3, Interesting) by Gravis (4596) on Monday June 15 2015, @09:55AM (#196412)

    I'm also mad as hell.

    that is your prerogative but some of that anger should be for yourself because you didn't make sure you could build the firmware from scratch.

    Any other Soylentils in this mess?

    i don't have a pocket computer but i have a cellular telephone that is great for telephoning. [amazon.com] after two years of use, only needs to be charged every couple weeks. the reported standby time is 39 days.

    Anybody have any ideas on a useful way forward?

    yes! there are many multiple options:

    * only invest in portable computers that have the complete source or not at all.
    * reverse engineer the bootloader and build your own version of the OS
    * make a pocket computer of your own design
    * declare all the aforementioned options are bad and pout.

  • (Score: 2) by c0lo (156) on Monday June 15 2015, @10:29AM (#196415)

    i have a cellular telephone that is great for telephoning

    And where the hell are the call logs on that model? Got one of those last December and I couldn't find where to find the last call to add the calling number to contacts, drives me crazy.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 3, Informative) by Gravis (4596) on Monday June 15 2015, @12:15PM (#196450)

      And where the hell are the call logs on that model?

      if you just hit the call/send button without dialing, it will bring up the log. however, if you go to Menu->Settings->My Shortcuts, you can reconfigure the navigation and selection keys to do just about anything.

      • (Score: 2) by c0lo (156) on Monday June 15 2015, @02:42PM (#196510)

        Thanks.
        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 2) by VortexCortex (4067) on Monday June 15 2015, @08:29PM (#196635)

        if you go to Menu->Settings->My Shortcuts, you can reconfigure the navigation and selection keys to do just about anything.

        Indeed, the devices typically run Java (Mobile Edition), which is incredibly moddable too, but for which you probably don't have the ability to flash with your own firmware image -- really how is that better in any way (besides battery life)?

        To those concerned about cracking a locked bootloader, and/or consider a non-smartphone: On all modern cell phones the mini-kernel that handles the baseband radio IO is insecure and has full read/write access to the entirety of the phone's memory. Even the "feature phones" or "dumb-phones" you have today are basically the same as smartphones just with less CPU power, (thus better battery life), and different input features (no fancy multi-touch screen). Point being: The security benefits of using a dumb phone are largely imaginary, as are the security benefits of having a phone with open source software/firmware.

        Let's say you do get open source audited firmware installed: Just like with a smart(er) phone an IMSI interceptor, like the Stingray systems cops are using, could easily inject malicious data that exploit any of the hundreds of unchecked bounds in the baseband kernel to perform a remote code execution vulnerability and take over the dumb(er) phone, install a rootkit that reports location information (tower signal strength for triangulation even if no GPS), exfiltrate all the data on the phone, and etc. Since the decommission of analog cellular so too went the uncrackable plain dumb cell phone with simple speed-dial memory - You could spy on these too (even with just a modified HAM radio), but at least they didn't have the capacity to have spyware installed to carry around with you. Some of this could be fixed with an open source baseband kernel instead of a blob, but then there are a few hardware level exploits that no amount of open source code can fix.

        I like FLOSS, and understand the principles behind using it exclusively, but I don't get why it's such a big deal today with so many exploits (mistakes) in the code and no way to verify the hardware it's running on isn't injecting spyware into all of your binaries. Ken Thompson's ACM acceptance speech covered this in the prophetic year of 1984. [bell-labs.com] Until we have open & verifiable hardware FLOSS is primarily to avoid vendor lock-in, IMO; It does little to ensure security. Complete Mobile VMs, when? It's a bit more complex to deliver exfiltration and tracking payloads on smarter phones because the dumber ones are less diverse in the firmware department, but state level hackers have the time and resources to build cracks for any/every phone model. Beware if your phone gets an over the air firmware update, then seems slightly off (typically missing a few vendor installed custom features) and requires you re-enter WIFI passphrases etc, then a reboot or two later returns to prior operating conditions: Rather than hack the phone in real time, sometimes a spoofed update cycle is used to send you a spyware infested firmware for your model then (re)update to the vendor's firmware after getting your data (this attack is often deployed during an actual update cycle) -- Don't get too paranoid as some vendor features disable normally until you accept terms and conditions required by some firmware updates.

        Ever since GSM's poor linear shift register encryption was hacked anyone with a bit of cash and some know-how can use a software defined radio and about a month of evenings figuring out how to overwrite their own phone's OS in real time (do so in a Faraday cage to avoid breach of FCC regs). Buh bie "bootloader" lock, just warm-boot over the air to a whole new OS. Bonus: Turn it off and on again, and it's an unmodified phone again... Besides price & battery life, I'm not really sure what the draw is for the dumber phone. They aren't any more secure than smart ones are, and they do less. Just be aware that anything you do and anywhere you go with any cell phone purchased today is potentially public information (as they ping the public airwaves just asking to get spied on or infected). One outcome will probably be that enough hobbyists like myself hacking on their own mobile hardware will bring the barrier to entry to cracking phones low enough such that common identity thieves will have plug-n-play point-n-click access to the same tech hackers do (just like with exploit toolkits on desktop / server machines). That way we'll be forced to take a proactive approach to security (as on desktop and servers); We probably won't ever get open hardware with end to end encryption default on our systems at the hardware level, but that's what we need. Until we can 3D print chips at home your best bet is a FPGA if you REALLY need to know the chipset isn't spying on you. Off the grid (clean power) computing in an EM shielded enclosure is another option -- it doesn't matter if the Intel Sandy Bridge chip's cellular modem is spying on me, or just waiting to get bricked, if it can't phone home.

        Invest in a Faraday bag if you want a bit of mobile privacy. Also, try leaving the mobiles at home every now and then. You may be pleasantly surprised at the results of less distracting information overload. For the more adventurous, create a phone pool and trade phones with friends (don't put anything important on them - get a little black book for your contacts), that way any tracking done is mostly useless. For the most adventurous, I don't recommend this as it's highly illegal, but you can sniff cellular traffic then clone a nearby phone's signature (even a dumb phone), and use the SDR to make innocuous looking phone calls (preferably at both ends, receiving end will have to jam the phone it cloned). Buh Bie usefulness of "meta data" collection. That's what some of the higher tech criminal elements do, which demonstrates why all the NSA spying can't stop terrorists (that's a smoke screen to manufacture consent to spy on "troublemaking" US citizens / activists who blow whistles on the powerful and corrupt).

        P.S. It's fun to see the complexity of good 'ol Hayes-like modem commands still down in the guts of our cellular modems. It's a veritable cornucopia of exploitability -- almost like none of those command strings are even tested for overflow / unexpected input. I guess most hackers today don't get down to that level, but I expect they will as the Software Defined Radio becomes ever more available.

        • (Score: 2) by Gravis (4596) on Monday June 15 2015, @09:49PM (#196661)

          On all modern cell phones the mini-kernel that handles the baseband radio IO is insecure and has full read/write access to the entirety of the phone's memory.

          actually, you are wrong about this. the radios have their own little ARM chips that handle the I/O. the radio is an I/O peripheral to the CPU just as much as the keypad and LCD.

          Point being: The security benefits of using a dumb phone are largely imaginary,

          the primary threat to pocket computers is not their voice telephony capability, it's the other software that gets installed on it. the secondary threat is bugs in absurdly complex OSes and software. the smaller the OS, the better.

          as are the security benefits of having a phone with open source software/firmware.

          having a phone with open source software/firmware allows people to verify that they aren't being spied on by the phone manufacturer and that there are no (deliberate) backdoors. yes, they have been busted in the past for doing this.

          Invest in a Faraday bag if you want a bit of mobile privacy. Also, try leaving the mobiles at home every now and then. You may be pleasantly surprised at the results of less distracting information overload.

          do you really have that little willpower?

          as for all the rest of your post: ugh... you talk big but you really don't get the big picture.

  • (Score: 3, Touché) by Anonymous Coward on Monday June 15 2015, @12:42PM (#196459)

    Have any other remarks to let everyone else know just how great you are compared to every and anyone?
    I don't think we are yet fully able to appreciate the total overwhelming grandeur that is your ego.

  • (Score: 2) by quixote (4355) on Monday June 15 2015, @01:06PM (#196466)

    "some of that anger should be for yourself"

    Yup. You probably noticed from the post that I'm kicking myself.

  • (Score: 2) by subs (4485) on Monday June 15 2015, @01:24PM (#196470)

    i have a cellular telephone that is great for telephoning

    "And get off my lawn you kids!"

  • (Score: 3, Informative) by kaszz (4211) on Monday June 15 2015, @02:17PM (#196492)

    * only invest in portable computers that have the complete source or not at all.

    Doesn't matter if the evil device uses code signing. You can have the source, can modify, can compile, upload it etc. It still won't run unless you get the blessing from the noble oligarchy in the form of a signed cryptokey.
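
The code-signing point in the comment above, as an added example that is not part of the thread and is not any vendor's boot code: a signature-checking bootloader refuses an image the owner compiled from source unless the owner's key is among the keys it trusts. Textbook RSA on toy keys stands in for a real signature scheme, and the key names, sample images and the "owner key enrolled" bootloader are assumptions made for illustration.

```python
import hashlib

# Textbook RSA without padding, on toy keys built from well-known Mersenne
# primes (trivially factorable). Illustration only, never a real scheme.
E = 65537


def make_key(p, q):
    """Return (public modulus, private exponent) for primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


VENDOR_N, VENDOR_D = make_key(2**127 - 1, 2**521 - 1)  # D stays with the vendor
OWNER_N, OWNER_D = make_key(2**89 - 1, 2**607 - 1)     # key the owner generated


def digest(image):
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign(image, n, d):
    """Signing needs the private exponent d."""
    return pow(digest(image), d, n)


def bootloader_verify(image, signature, trusted_moduli):
    """Accept the image only if the signature verifies under a trusted key."""
    h = digest(image)
    return any(0 <= signature < n and pow(signature, E, n) == h
               for n in trusted_moduli)


# Constructed sample images (placeholders, not real firmware).
STOCK = b"vendor-built image"
REBUILT = b"image compiled by the owner from the published source"


def demo():
    locked = [VENDOR_N]  # vendor public key fixed in ROM or fuses
    stock_sig = sign(STOCK, VENDOR_N, VENDOR_D)
    own_sig = sign(REBUILT, OWNER_N, OWNER_D)
    return {
        "stock image, vendor signature": bootloader_verify(STOCK, stock_sig, locked),
        "rebuilt image, reused vendor signature": bootloader_verify(REBUILT, stock_sig, locked),
        "rebuilt image, owner signature": bootloader_verify(REBUILT, own_sig, locked),
        # Hypothetical bootloader that lets the owner enroll a key:
        "rebuilt image, owner key enrolled": bootloader_verify(REBUILT, own_sig, locked + [OWNER_N]),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'boots' if ok else 'refused'}")
```

Having the source changes only which images the owner can build; which images boot is decided by the set of public keys the bootloader trusts.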