this post was submitted on 23 Jul 2023
14 points (100.0% liked)

cybersecurity

3238 readers
1 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
 

Crosspost of an ongoing thread over at [email protected]

Some interesting discussions on the trade-off between security and being able to use your aging Android for a little while longer.

top 6 comments
sorted by: hot top controversial new old
[–] [email protected] 4 points 1 year ago

While I hate relegating perfectly usable Android phones to a landfill, identity theft also sucks. The bottom line is that manufacturers should be required to supply updates for longer periods of time or provide a means to completely unlock them for free and let end users install new versions of the ROM.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Perhaps images, video, font etc. rendering could be compromised?

Yes, it already happen in the past. Also the Wi-Fi and Bluetooth stack got exploited, like multiple kernel drivers.

But it shouldn't be a matter of "in the past was X exploited?" but more on having a correct security posture.

Honestly if you are arguing about wasting a "perfectly working phone" you should blame it on the vendor, especially Android devices vendors have this let's say "defect" of dropping the support after 4/5 years.

Also not going to talk about custom ROMs (with the super rare exclusion of some) managed by god knows who, without any security team behind.

Since even the NFC and Cellular Network stack got vulnerabilities the only way you would consider an old phone "safe" to use is just turning it into the equivalent of a local ARM server.

Also pretty fun seeing the replies in the original post talking about how Google Play store shouldn't have malware on it.

[–] [email protected] 0 points 1 year ago (1 children)

Nowadays people rarely attack individual random users. I believe the risk of running outdated software is super inflated and mediatic, 99% of people would be absolutely fine running a version of Android from 3 years ago or Windows 8.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

I believe the risk of running outdated software is super inflated and mediatic, 99% of people would be absolutely fine running a version of Android from 3 years ago or Windows 8.

That's the same thing people running windows XP on internet were thinking in 2017.

Then WannaCry arrived and they got their data encrypted :)

[–] [email protected] -2 points 1 year ago (1 children)

WannaCry targeted hospitals, businesses and similar machines.

Your grandma using Android 9 is safe, don't worry.

[–] [email protected] 7 points 1 year ago* (last edited 1 year ago)

WannaCry targeted hospitals, businesses and similar machines.

WannaCry targeted everything with SMB exposed, blindly.

Also, you should read more about security through obscurity, the fact that "no one will target you because you are a low-value target" is a false sense of security.

load more comments
view more: next ›