Security bods find Android phoning home. Home being China Security researchers have uncovered a secret backdoor in Android phones that sends almost all personally identifiable information to servers based in China. The firmware is managed by Shanghai Adups Technology, and according to the company, is contained on over 700 million phones worldwide, including phones available in the …
"I smell another transgression by the Chinese Government."
Sending millions of users' digital family silver to a single well-known server, apparently without certificate pinning? Using plain old DES in the mix? I know one should never underrate the power of human stupidity, but frankly I'd expect Chinese surveillance agencies to make a better job of it. Actually, I think even North-Corea would do a better job these days...
I'm beginning to think that trusting *any* software coming out of China is inadvisable.
It's hard to avoid, since so many computers, phones and other electronics are made there. You have no idea what might be tucked away in UEFI, or the firmware of your hard drive, or your phone's CPU.
I have a sinking feeling that when World War 3 starts, every Chinese-made computer, router, phone, etc. in the west will shut down.
I think this is correct. In fact my guess is that any given Android device is likely to have multiple backdoors and leakers, some government sponsored, some built in by Google from the start, some from chip manufacturers, some from ad/spamware app makers, some from criminal networks - possibly something put there by your spouse and/or your boss as well. Then you have the various wire taps on the mobile network, and on the Internet itself. Remember that Huawei make most of the infrastructure hardware used in UK mobile networks (and most of our home network routers as well), and that Huawei ≈ Chinese govt. Remember that our own government runs (not so secret any more) massive bulk data collection and analysis programmes. I think it's safe to assume that every call you make, every text you send, every HTTP request you make, is seen, logged and analysed by multiple parties, some more benign than others. If you think this sounds overly paranoid then you haven't been paying attention.
And as any Cavendish grower will tell you: a big part of the problem is monoculture.
"I think this is correct. In fact my guess is that any given Android device is likely to have multiple backdoors and leakers, some government sponsored, some built in by Google from the start, some from chip manufacturers, some from ad/spamware app makers, some from criminal networks - possibly something put there by your spouse and/or your boss as well. "
No wonder battery life is so poor on Android phones.
And now Google makes you turn on GPS to get some basic crap working. Let me just enter my location manually FFS! I DON'T WANT 1984 TO ARRIVE YET!
"https://www.apnic.net , put the numbers in the box at the top, press return and all will be revealed."
Its not advisable to take the piss out of other people if you don't even know the simplest solution yourself.
Go to the command line (know what that is?) and type "whois 118.193.254.27".
This post has been deleted by its author
"contractress."
No such word.
I don't think language works how you seem to think it does. (If it did you could have at least constructed a full sentence).
"As I do not know the posters technical ability"
Given they're posting to this site I suspect they're not novices.
Really? REALLY?? You quite often get posters on here who've clearly not even read the article they're commenting on. All you can be sure of is they can possibly manage to use some technical equipment without electrocution; or dictate to their carer.
"Run along now."
You're going to have to work harder at being patronising.
Oh, I dunno; I laughed out loud at that bit. Condescension to a tee. (I believe someone younger than myself might remark that 'you got served').
"I don't think language works how you seem to think it does. (If it did you could have at least constructed a full sentence)."
You can't just make up a word and expect it to suddenly appear in the OED or for others not to pick you up on it.
"Really? REALLY??"
Yes really. You think someone who normally is googling Towie is suddenly going to reply to an article on an exploit in android phones?
"Oh, I dunno; I laughed out loud at that bit. Condescension to a tee. (I believe someone younger than myself might remark that 'you got served')."
If you think thats clever condescension then clearly you've never been on usenet. It would rate a 2/10 at best. The only thing that got served was "her" (I doubt its a she anyway) smart ass on a plate.
REAL* sysadmins do not use the command line. Real sysadmins sense the route taken from the spin of the photons flowing throughthe fibre.
Rosie
*Robotically Enhanced Advanced Lifeforms for those at the back of the class. Yes Smithers, I'm talking to you.
What fucked up distro do you use? Does it not have ping or traceroute or ssh installed either?
From my own experience, none of the following have the full set of network tools installed by default:
Redhat, Centos, Ubuntu, Debian (and its offshoots, like Mint).
They do have ping, and ssh, but not traceroute, whois, dig etc.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
