undefined | Better HN

0 pointsnullify884y ago0 comments

> There is no attack surface for any kernel - the only thing there would be a bug in mms. Please share your source for kernel attacks, on any android version

This is after one hasty search. https://source.android.com/security/bulletin/2016-10-01

There are various kernel level vulnerabilities listed. Some weakening privacy over tcp connections, others locally exploitable via a malicious app such as Pegasus.

I don't understand why you call him confused. Perhaps you can approach with curiosity instead.

0 comments

soylentnewsorg4y ago

I'll start by saying I spent a full 5 minutes reading through those and gave up. I asked for an example, you pasted twenty pages of random garbage and said "here, maybe you'll find something in this dump I took - why don't you spend some time and maybe I'll prove you wrong."

In those five minutes of looking through your garbage dump, I found Zero vulnerabilities that do not need either you installing a virus, which then gets root (the vulnerability), or a bug in an application running as root that's out of date, which then of course gives the attacker of the application root. None of those are valid examples, and I'm now bored digging through random garbage.

Any hack, in Any application, will give the attacker root - we're running rooted phones (for the extra functionality).

If you want to make a point, note the actual bug listed that does not need a compromised application. You installing a virus then the virus getting root does not count. The thread is about a kernel bug giving a remote attacker control of your phone. Applications and drivers like your modem can be updated without you updating the kernel. The latest N6 kernel is 4.9.3, with updates from the end of 2019.

kaba04y ago

Do you also run all your programs as root on desktop? Wtf.

Also, regarding your previous post, modern Android and ios is lightyears ahead in security than any desktop os out there, for good reason (majority of people interact with their phones, and store much more sensitive data there)

soylentnewsorg4y ago

>Do you also run all your programs as root on desktop? Wtf.

yes. always have. same in windows where I also don't use antivirus. and this is what most tech people do for their personal equipment. because the one issue I had, in my 30+ years of using computers, and 20+ years of doing it professionally as a dev, sysadmin, and storage admin, I only once got a virus.

i'll tell you a little secret too. yes, it's wtf to people who don't know what they're doing and need the safeguard against when they screw up. I know enough to not screw up. now go pipe a bash script from a webpage to sh to install something, because that's what the installation manual for your game said to do.

1 more reply

sa14y ago

There’s an example of it on HN front page right now, where a terminal application without privileges can trigger a kernel bug.

soylentnewsorg4y ago

for those times when I run that terminal application on my phone. which is already rooted, so it's doesn't need the kernel bug to get root. it can just run.

1 more reply

j / k navigate · click thread line to collapse

0 comments

soylentnewsorg4y ago

Any hack, in Any application, will give the attacker root - we're running rooted phones (for the extra functionality).

kaba04y ago

Do you also run all your programs as root on desktop? Wtf.

soylentnewsorg4y ago

>Do you also run all your programs as root on desktop? Wtf.

1 more reply

sa14y ago

There’s an example of it on HN front page right now, where a terminal application without privileges can trigger a kernel bug.

soylentnewsorg4y ago

for those times when I run that terminal application on my phone. which is already rooted, so it's doesn't need the kernel bug to get root. it can just run.

1 more reply

j / k navigate · click thread line to collapse