Snapdragon chip flaws put 1B Android phones at risk of data theft (arstechnica.com)
247 points by frankjr on Aug 8, 2020 | 118 comments



I have never had an iOS device in my life, but these three paragraphs provide probably the most convincing reason to finally make the switch:

> A billion or more Android devices are vulnerable to hacks that can turn them into spying tools by exploiting more than 400 vulnerabilities in Qualcomm’s Snapdragon chip, researchers reported this week.

> The vulnerabilities can be exploited when a target downloads a video or other content that’s rendered by the chip. Targets can also be attacked by installing malicious apps that require no permissions at all.

> From there, attackers can monitor locations and listen to nearby audio in real time and exfiltrate photos and videos. Exploits also make it possible to render the phone completely unresponsive. Infections can be hidden from the operating system in a way that makes disinfecting difficult.


I like Apple's devices, but aren't they just as vulnerable to CPU bugs?

There's plenty of good reasons to use an iOS device (and some good reasons to avoid one), but I wouldn't think that CPU bug would be a particularly strong reason on either side.


Bugs can be discovered anywhere. The question is whether those bugs will be patched.

The original iPhone SE is about to start its sixth year of OS updates and security patches.

Which works out to less than $70 per supported year.

That's a legitimate advantage over the Android ecosystem.


and literally any 10 year old android phone can run not just the latest security patches but even the latest android. you are taking the iphone limitation of 'os must be from hardware manufacturer' and for some reason applying it to android phones.

my 10 year old motorola nexus is running android 10 -which is the current version. you install the new os on android by downloading an app, which installs the new os on reboot. it takes 15 minutes, and gramma can do it.

next you'll tell me mac laptops are better because you can't put windows 10 on your old hp laptop, because hp's system image for it only goes to windows 7.


Sure, installing the updates may be simple, but getting the OS installed in the first place is not quite as simple.

Also, many Android devices don’t even have unlockable bootloaders. This makes your first statement patently false. There is no way for me to install any updates to my abandoned Acer tablet as the bootloader is locked and the device is abandoned.

It may be true to say “many Android devices can be updated through community projects” but you’re glossing over a lot of complexity.

I


I rarely root devices but I have yet to own an Android device that couldn't (eventually) be rooted using a community tool. This is anecdotal, there must be exceptions, but in my experience "locked bootloader" just means it might be a while before someone finds an exploit.

Easy enough for grandma, maybe not so much.


> Easy enough for grandma, maybe not so much.

This is pretty important when we're talking about a billion devices. The amount of people who do this is irrelevant and thus 99% or more of these users will be vulnerable until their phone stops working or the Facebook app no longer supports such an old version, forcing them to get a new one [assuming new Snapdragon chips fix the issue].


Right I never suggested otherwise, just clearing up the misconception that a locked bootloader automatically means the phone's OS can't be updated.


How do you keep a straight face and say something like “security updates are possible as soon as someone discovers an exploit”?

Deary me.


The exploits in question generally require having the device in your possession and unlocking it.

I think the distinction is pretty clear.


Exploits, plural.

Kinda proves my point: chain of exploits.


this is like saying to only buy mac laptops, because an os is hard to install on your laptop. I guess that's why the corporate world and other people don't run a bunch of linux. because it's a "community project." Red Hat and Ubuntu are community projects. gotcha. they are. just like lineageos. supported by hundreds of paid developers and many huge companies.

installing an os on your phone is not simple. but it is harder than installing it on your laptop. and because installing it on a laptop is hard, people don't buy copies of windows and never have.

i am not glossing over complexity. but this is not complexity. anything apparently is complexity to you if it's not "buy small computer, and literally do nothing." yes, doing something is "complexity." opening a door requires keys. too complex.

us somewhat technical people, like this entire site and literally a third of the population, can follow xda directions. my gramma can watch a 15 minute youtube video and just click exactly what it says. the complexity is not complex.

as far as unlockable bootloaders, there are some. i can count on one hand, out of the hundreds of phones I can buy. if by many you mean 2%, sure. i guess that 2% means don't use 98% of phones. strange how apple is unlockable on 100% of their phones, yet that 2% is "worse."

When you play pretend with fake information, the only thing you are doing with the narrative is making yourself look like you're spreading narrative. this works for fox news watchers like yourself. not on a forum with a bunch of downvoting nerds.


If I asked 90% of folks on the street to “just format your hard drive and install a Linux ISO” I’m going to get blank stares or a million questions.

In addition, it's not about community projects being inferior. I'm a big believer in FOSS, strive to run nothing but FOSS, and am an avid contributor and publisher of FOSS. It's about support. And, for the record, Ubuntu and Red Hat are corporate projects, though they depend on and include many community projects and offer their products for free. Lineage is a community project.

Corporations do heavily use open source, but they also pay vendors for support. The average user also expects support from their vendor. Either their mobile provider or phone manufacturer. If they unlock and install LineageOS, they get none.

Your assumptions are way off base. First about the public’s likelihood to do what you’re recommending and second about me.

For the record, I’m one of the original members of TeamWin, helped write TWRP, have contributed to CyanogenMod. I’m not some uninformed schmuck. I definitely know how to flash a ROM.


if you asked your 90% what iOS was they couldn't answer you either, despite having an iphone in their pocket, so don't see your point. and those people won't have a 4yo phone in the pocket either -it'll be refreshed every couple of years, and still under automated ota updates.

so again you're moving the goalpost. the claim of the op was old phones from apple are superior because they get vendor security patches, and android does not. which is factually false.


Dang, I wish my grandma was an AOSP contributor.

But most phones in the United States sold within the last decade had the bootloaders locked so you can’t install another rom even if you knew how to do it.


Is it a USA thing or something more common? Seems like technical people around me change firmware with no problem. I only heard that some phones have limits, after which you can't reflash a firmware.


Z3 Compact was my personal experience with Android devices, I’ve since bailed back to iPhones: https://www.androidpolice.com/2014/10/02/unlocking-the-bootl...

> When the bootloader is unlocked, the device loses certain DRM security keys. That means you can't purchase content from Sony's storefronts and a few licensed features won't work, but it apparently also means basic features of the phone are negatively affected. A Sony rep has confirmed that some advanced camera algorithms on the new generation of devices like the Z3 and Z3 Compact are protected by DRM. If you unlock the phone, those features stop working. Apparently that causes photos in low-light to be noisier and poorly balanced.

> This isn't the first time Sony's bootloader unlock has come with some major drawbacks—unlocking past devices could actually break camera functionality (this was technically a bug). There have always been a few proprietary features that stop working, but the difference in image quality this time is allegedly noticeable.

> Update: Sony has updated the text of the bootloader unlock warning on its website to be clear about the camera impact. It reads, "...the removal of DRM security keys may affect advanced camera functionality. For example, noise reduction algorithms might be removed, and performance when taking photos in low-light conditions might be affected."


IMO, unlockable but losing some features is a somewhat reasonable restriction. Things like if you install Ubuntu you can't use Windows Explorer.


[flagged]


Could you link me an online resource detailing that process? I've been wanting to put the accumulation of old phones to use.


go to lineageos, click on your phone. this'll get all your old phones the same type of android.

it's not what i do -i used a fairly weird build.

the generic steps for one way of doing it: download a recovery program, install it on the phone. pick the android rom you want from the recovery program. click install. it'll reboot your phone and install it. this is the way a gramma can do it.

i prefer hooking it up to my laptop with a usb cable and just typing the commands in the android shell. that is the way gramma cannot do it.


HN is not for politics, and especially not for political shit-flinging.


[flagged]


What a selfish way of looking at things. The site guidelines [1] exist for a reason, one of those reasons being that most HN users don't open the comments of an article about a few severe Qualcomm CVEs to read comments randomly laced with "orange man bad".

[1] https://news.ycombinator.com/newsguidelines.html


but they do open them, and see a comparison between trump voter delusions and apple fanboy delusions. making that comparison is not discussing politics. now if you want to pretend trumpers are smart people not made fun of on every corner of popular culture, my comparison would be invalid. this would however mean you yourself are delusional, making the comparison valid.

what we don't want to see is endless discussions about the discussion itself. because it's offtopic spam. if you want to discuss how we discuss things, open a separate post about it, and don't do it in a thread about phone cpus.


I take it you are familiar with Samsung Galaxy phones?


You can unlock the bootloader on many Galaxy phones by going into Developer Settings and turn on OEM unlocking.


Unfortunately, this is not true of most new Galaxy phones sold in the United States.


correct. and samsung unlocks those for free if you ask them.


Google bricked my Android phone many years ago by deactivating the auth server used for logging into the phone with your Google account. The phone didn’t support Cyanogen so I literally just had to stop using it purely due to Google deciding it was time to kill it.

So don’t give me this nonsense that Android phones live forever.


hmm. google didn't brick mine. i don't have a google account, or any google services on my phone. that's like saying microsoft bricked your windows laptop, so don't buy laptops with linux or bsd.

cyanogen? there are a hundred other builds. google your phone model and custom rom.

they don't live forever but they do live over 10 years on the latest android. which beats apple and their security patches any day.


Google hasn’t bricked your phone (yet) and they bricked mine so you expect me to be excited? You said any old Android phone could run the newest stuff but it’s a lie. I can still use my original iPhone other than it being slow but I literally cannot use my HTC phone that Google deactivated the auth server for. There is no “update to the newest Android” because the hardware is “too old” for modern Android and they cut the phone off from upgrades. Which is fine, except they also cut off the DNS for the “login to Android” feature so it’s bricked. It would have been a great travel phone still as it had been for many years, but Google got greedy.

There was no cyanogen or other alternative supported. It’s not a matter of googling more. They didn’t support the phone model.


I think you're massively exaggerating the stability of running unsupported versions of Android on old devices.

> and literally any 10 year old android phone can run not just the latest security patches but even the latest android.

Not in my experience. Some models work decently, others have major stability issues.


so pick a rom that's common and well supported and popular for your phone model. i'm guessing your experience includes zero reading about what rom is best for what phone, before you put it on. kinda like buying a 2 star rated tv on amazon.

oh look, i googled 'best custom rom for nexus 6' and every result has good roms.


I think you're being needlessly confrontational and defensive. There's no need to make personal accusations about my ability to do research.


Lol who's your gramma?


In my personal experience, the sole reason for those updates is to cripple your hardware and battery life in order for you to upgrade to newer hardware.


In my experience, my iPhone 6 is perfectly usable, as is an old SE and 6S Plus. Batteries degrade, and after being replaced they work fine. And they’re still getting updates this year.


>Batteries degrade, and after being replaced they work fine.

If the batteries were user replaceable, it would have been a perfect story.

Sending the device back to the manufacturer (authorised service center) can be an inconvenience (data formatting, TOTP apps etc.) at best, or a security breach (malware install, device imaging etc.) at worst.

Also, if indeed a user decides to replace the battery on their own, an iPhone is the least repairable phone out there and getting worse with every iteration.


The procedure to get an iphone battery replaced is to make an appointment at the apple store and they swap it out as you wait.


That's great if you live near an Apple Store, but only 25 countries have Apple Stores and half of those only have 1-3 stores for the whole country.


Then you can go to an AASP.


Or spend 15-30 minutes replacing it yourself?


Does the technician change the battery before your eyes? It didn't happen when I went to an AASP, and anything can happen in that room where they do their work.

Maybe we know a technician we trust who can repair an iPhone before our eyes, but alas, independent repair shops don't get Apple love[1].

[1]https://www.macrumors.com/2020/02/06/apple-independent-repai...


I can second this. I’m hanging on to my SE for the form factor and it’s still going strong. My wife’s SE is nearing a battery replacement after what feels like half a decade of usage. I dread the day the SE will no longer be supported.

Typing this on an iPhone SE


Guess you didn't read the articles explaining that reduced performance on phones with heavily amortised batteries is to be expected. And didn't read the testimonials of people who paid for a new battery and got their device working fast again.


Refusing to fix bugs and issue patches is much cheaper, if forcing obsolescence is your goal.


The vast majority of security vulnerabilities and bugs that end users experience are fixed within the first few years of the device's shelf life. Security vulnerabilities tend to go unnoticed by most end users, and therefore don't really play a role in forcing users to upgrade.

Wouldn't it be nice though if users could choose to patch security vulnerabilities without installing updates that deliberately slow down the phone?


Do you have a citation supporting the claim that old bugs don’t affect users? That’s certainly not true in the Windows world.

Similarly, “updates that deliberately slow down the phone” sounds like a conspiracy theory. The closest we’ve come to that being real would have required a caveat “… when your battery has degraded to the point that the phone would otherwise crash”, which is an important distinction.


It's pretty hard to fine a company that has one of the world's largest legal departments €25m based on a conspiracy theory. And no, that caveat isn't even close to the truth. Apple states that they do it "once the battery begins to degrade", which is so ambiguous that it could even apply to brand new batteries, because all batteries begin to degrade upon their first usage. In my case, I had a 9 month old iPhone 6 that drastically slowed down due to the update. When the apple store told me that it only slowed down phones with aging batteries, I asked them to replace my battery for my phone which was still under warranty. They "tested" it and told me my battery life was perfectly fine. Fuck that...have not and will not ever buy an apple product ever again.


How could you tell it slowed down?

You must be just as friendly in person as online if you are one of the few people ever to have an Apple store employee not go the extra mile for you.


Funny you say that, cause apple has had to pay a $53m fine precisely because those oh-so-friendly apple store employees won't even go a normal mile in honoring their warranty, let alone an extra mile. https://arstechnica.com/gadgets/2013/04/apple-poised-to-pay-...


Typing this on a perfectly fast iPhone 6.


I like Android One devices and the complete freedom of choice they provide me, but the likelihood and the severity of CPU vulnerabilities seem to be much higher with Snapdragon chips.

Also, the security patches arrive much slower to Android than to iOS devices.

And I am especially concerned about ARM's TrustZone, which seems to be inferior to Apple's Secure Enclave.


This is the first exploit specific to snapdragon that I've ever heard of. Were there others?


Multiple Kernel Vulnerabilities Affecting All Qualcomm Devices (2020)

https://blog.zimperium.com/multiple-kernel-vulnerabilities-a...

The Road to Qualcomm TrustZone Apps Fuzzing (2019)

https://research.checkpoint.com/2019/the-road-to-qualcomm-tr...

QualPwn - Exploiting Qualcomm WLAN and Modem Over The Air (2019)

https://blade.tencent.com/en/advisories/qualpwn/

QuadRooter: New Android Vulnerabilities in Over 900 Million Devices (2016)

https://blog.checkpoint.com/2016/08/07/quadrooter/


Those are software bugs though, except the WLAN one. But Apple has had the same kind of WLAN firmware vulns.

The software vulns demonstrate serious failures of the Qualcomm product package of course, and is only relevant from POV of how the fixes can be deployed.


I'm sure there are, remember the Bezos hack? Wasn't it a video from Snapchat on iPhone or something? But mostly the ones coming from Apple seem to be physical access only. You can assume, as with any personal computing device, once it's in someone else's hands, your data is as good as theirs.

Some make it more difficult than others. But 400 remote access vulnerabilities is a completely different ball game.


There is no specific information available about the nature of the vulnerabilities or possible mitigation.

Arstechnica.com is sensationalizing the news, when it comes to security I would rely on actual sec researchers.

https://blog.checkpoint.com/2020/08/06/achilles-small-chip-b...


I’m not sure what your point was: that’s the same article Ars linked, with the same message and no additional information because, as the Ars writer noted, they’re withholding details until the vendors fix it.


No. He's saying that without the technical details, Ars is overblowing this issue. Maybe exploitation requires radio gear of $5k and being present next to the victim while their BLE is turned on. Without the details, you can't say if this is a big issue or just another overhyped Check Point research paper, as this company has a history of doing.


That doesn’t make any sense: he said to trust the researchers, but Check Point is saying nothing different. If the theory was the different one you’re offering, the advice would be not to trust the researchers.


Checkpoint does not say that just playing a video file can exploit these bugs.


The Ars article includes the CVEs.


The technical details are withheld for the time being until (presumably) systems are patched. The Ars article includes the CVEs, which is all the technical detail that's currently available.


There are currently so many vulnerabilities in Apple devices that their market value is rather low. Android exploits are currently worth more because they are harder to come by.


Would you mind providing some info to back this up?

Last I heard (2018) iOS vulns were going for $1mil+


https://zerodium.com/program.html puts android marginally ahead right now. Shifts around over time, though.


What's special here? Apple similarly had full remote kernel takeovers from vulnerabilities in e.g. a Broadcom WiFi chip.

This isn't even making anything close to that claim, it seems more like a privilege escalation situation.


I've just read the Ars article and comments, but it's a bug in the DSP library called Hexagon that somehow allows you to screw with the libraries being used. Apple uses Hexagon too.

I continually see these comments that security in Android is crap or Apple is so much better. Right now I find it hard to pick the difference between the two. There is almost none in terms of blow me away "how the fuck can we stop continually doing this to ourselves" type exploits - like the drive by total takeover of iOS China was using to target Uighurs. That is as bad as it gets, and both Android and Apple have had their share.

There is a superficial difference in how tightly they curate their app stores. Obviously, iTunes is better policed, but hyper vigilant police always inject their own opinions into what is allowed and isn't. Some people are happy to forgo a little functionality for peace of mind. But since both iOS and Android provide a guaranteed to work (if there are no bloody bugs this week) [Uninstall] button, and both have been known to delete apps they've taken a disliking to without asking or informing you, security wise the outcome is pretty similar regardless of the app store policy.


Ah, so it's actually pretty simple to avoid this vulnerability: all I need to do is upgrade to an Android phone based on one of the several competitive Snapdragon alternatives that are bound to be widely available given the staggering size of the market.

Hold on, I'm sure I'll find one any minute now...


There was KIRIN from Huawei which was quite good before the US killed it due to national security concerns.

And now a US chip is a genuine security concern for the rest of the world.


What about samsung exynos and mediatek?


The new Samsung Galaxy Note 20 Ultra ships with Exynos in the UK and EU but performance drops against the same phone running Snapdragon (shipped in the US).

So whilst the security might be better, we (tech geeks in the EU/UK) don't want to pay the same price for a less performant phone, sadly :/

But maybe in a few iterations!


I'm wondering why do people need the "performant phone". All the Android phones that I've had or seen in the last few years run the OS and apps with no issues. The amount of RAM might limit the multi-tasking, but otherwise I can't imagine a real-life use-case where I may want a "performant phone".

Can you maybe shed some light on this for me, please?


It starts to matter a lot with things like AR, video games etc. I work on an AR mobile product and the performance advantage for iOS is substantial. Outside of flagships, the performance of AR on android is pretty bad, while as far back as iPhone 8 you’re maintaining 60fps no problems. I haven’t tested older than that but I tend to believe the oft-quoted 5 year performance lead on the A series chips.


Nobody gives a crap about phone AR. And of those who play games the vast majority play games that don't need performance.


It has nothing to do with performance in all honesty for my own use case.

It has to do with being short-handed when comparing the "same" product in the US to the one I would receive here in the UK. I rarely update my phone so if I spend £1,000+ on a flagship, I expect a flagship especially when it's available elsewhere.


As far as I can tell, in the US market they're almost entirely confined to low-end models and non-phone devices (tablets/Chromebooks/smart TVs). Importing, as a practical matter, seems to mean no support/warranty, and it looks like most models intended for other regions don't have full support for the bands used by US networks.


MTK is open by default (no bootloader lock, easy unbrickable recovery), or at least that's what it was a few years ago when I bought one. Great for the modding scene, but probably not liked by the authoritarian-paranoid.


There is no reason to believe Qualcomm is more broken than competitors wrt this class of vulns.

(read the article or the original blog, q: "The more than 400 distinct bugs")


True, but the larger point is that the monoculture arguably makes the impact of any given vulnerability worse. Similar to how any given CDN/cloud provider probably has much better uptime than old-school web hosts, but now roughly half the Internet can be broken by one provider having an outage.


Using sarcasm is against HN guidelines - covered by "Don't be snarky". Personally I enjoy being sarcastic, but I less enjoy the sarcasm of others!


Sarcasm is not against the Hacker News guidelines.


I didn't think so either, until I was corrected by the moderators: https://news.ycombinator.com/item?id=23482110

The grand-parent comment of dang's response is of very similar tone to the one above. I am just trying to follow what dang has said.


I'm pretty sure 'dang's referring to snark, which you called out in the comment he's responding to ("but being snarky is against the hn guidelines"), not sarcasm there. Though, I do think you're right that the community often reacts negatively to sarcasm. It usually doesn't add much substance to the conversation.


You are right - there is some nuance between sarcasm and snarkiness. Dang alludes to it here: https://news.ycombinator.com/item?id=21187460


Often because sarcasm can be hard to detect textually.


Checkpoint's release for these vulnerabilities is here https://blog.checkpoint.com/2020/08/06/achilles-small-chip-b...

Not clear from the writeup how many devices are affected. They fuzz-tested 'a DSP chip' (sounds like just one) and then say that Qualcomm products are used in 40% of devices.

The press release focuses on exfiltrating media + GPS; not clear if this is a rootkit that can access the keyboard or take over your email.

'more than 400 vulnerable pieces of code were found' is not clear to me -- maybe I don't know how fuzzing DSPs works? Do they have access to the source code because the image decoder is open source?


The qemu linux userspace implementation for hexagon is recently available and open source, yes. Not sure whether it would've been any harder to do fuzzing with the closed-source simulator that's been available for a long time. But the fuzzer doesn't need the libraries' source, it just makes it easier for the fuzzer if it has access to the source. And the availability of emulator or simulator code is probably independent of this too.

The 400 distinct bugs are the uniquely faulting instructions or paths uncovered by the fuzzer.
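The counting described in the comment above (distinct bugs as the unique faulting instructions or paths a fuzzer uncovered) is a crash-deduplication step. The following is an added example, not Check Point's or Qualcomm's code, showing one common way a harness does it: hash the faulting program counter plus the top few return addresses and count unique signatures. The crash records, addresses and the `crash_t` layout are constructed for illustration; a real harness would collect them from the emulator or debugger running the fuzzed firmware.

```c
/* Added example, not Check Point's or Qualcomm's code: how a fuzzing harness
 * turns raw crashes into a count of "distinct bugs" by deduplicating on the
 * faulting instruction plus a few call-stack frames. The crash records below
 * are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>

#define MAX_FRAMES 4     /* backtrace depth retained per crash */
#define MAX_UNIQUE 1024  /* capacity of the signature set */

/* One crash report: faulting program counter and a truncated backtrace
 * (unused frame slots are 0). */
typedef struct {
    uint32_t pc;
    uint32_t frames[MAX_FRAMES];
} crash_t;

/* FNV-1a-style hash over the fields that define a crash signature: the
 * faulting PC and the first 'depth' return addresses. depth = 0 keys on the
 * PC alone. */
static uint64_t crash_signature(const crash_t *c, int depth)
{
    const uint64_t prime = 0x100000001b3ULL;
    uint64_t h = 0xcbf29ce484222325ULL;
    if (depth > MAX_FRAMES)
        depth = MAX_FRAMES;
    h = (h ^ c->pc) * prime;
    for (int i = 0; i < depth; i++)
        h = (h ^ c->frames[i]) * prime;
    return h;
}

/* Count distinct signatures among n crashes. depth = 0 reproduces the
 * "unique faulting instructions" metric; depth > 0 also separates different
 * paths that reach the same faulting instruction. */
int count_distinct_bugs(const crash_t *crashes, int n, int depth)
{
    uint64_t seen[MAX_UNIQUE];
    int nseen = 0;
    for (int i = 0; i < n; i++) {
        uint64_t sig = crash_signature(&crashes[i], depth);
        int dup = 0;
        for (int j = 0; j < nseen; j++) {
            if (seen[j] == sig) { dup = 1; break; }
        }
        if (!dup && nseen < MAX_UNIQUE)
            seen[nseen++] = sig;
    }
    return nseen;
}

/* Constructed sample: three inputs fault at 0x1000 via the same path, one
 * reaches 0x1000 via a different caller, and one faults at 0x1040. */
const crash_t SAMPLE_CRASHES[] = {
    { 0x1000, { 0x2000, 0x3000, 0, 0 } },
    { 0x1000, { 0x2000, 0x3000, 0, 0 } },
    { 0x1000, { 0x2000, 0x3000, 0, 0 } },
    { 0x1000, { 0x2100, 0x3000, 0, 0 } },
    { 0x1040, { 0x2000, 0x3000, 0, 0 } },
};
const int SAMPLE_N = (int)(sizeof SAMPLE_CRASHES / sizeof SAMPLE_CRASHES[0]);

int main(void)
{
    printf("distinct by PC only:       %d\n",
           count_distinct_bugs(SAMPLE_CRASHES, SAMPLE_N, 0));
    printf("distinct by PC + 2 frames: %d\n",
           count_distinct_bugs(SAMPLE_CRASHES, SAMPLE_N, 2));
    return 0;
}
```

The depth parameter is the knob that decides what "400 distinct bugs" means: keying on the PC alone gives the smallest number (two here), while including callers separates paths that reach the same faulting instruction (three here), which is why a reported bug count says little until you know how the crashes were bucketed.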


Blog spam. Typical ArsTechnica these days.

Here's the actual report: https://blog.checkpoint.com/2020/08/06/achilles-small-chip-b...


Honestly this "report" is similarly devoid of any substantive content despite being the original source. At some point they discuss the dictionary meaning of DSP.

Your best bet for any details is apparently this DEF CON presentation:

https://www.youtube.com/watch?v=CrLJ29quZY8


Thanks for the link, but the Ars report provides some additional context that I think is informative and useful, and is written in a more readable style than the Checkpoint press release.


DEF CON talk given by Check Point a few days ago: https://www.youtube.com/watch?v=CrLJ29quZY8


The article is pretty spartan in details regarding the vulnerability but as I understand it, the DSP is the attack vector.

Wouldn't it make sense for Qualcomm to hardware/software sandbox the memory content being processed by each part of the SoC?

Would such an attack also work on PCs with iGPUs, since they share the system memory?


If they isolate the memory that each part of the SoC can process, that means large amounts of data (for high definition video) have to be copied from one processor to another, so there's direct access. Then if the DSP's firmware has buffer overrun bugs, craft a suitable video and read/write whatever memory area you want to. (Not sure that this is what the bug is, but it's my guess).


Yes - that’s what iOS devices and modern computers do. The risks of allowing unrestricted DMA started to get publicized in the mid-2000s when FireWire was used to attack locked Macs. IOMMUs are pretty common now but the OS still has to enable them.


IOMMUs aren't the only way to get secure DMA, it's more common for small devices to have a double-ended device where the other end (OS vs. DSP in this case) needs to set up its own pointers itself. Doing it via page mapping is very heavyweight and used for performance reasons when you need both safety AND fast random access to large regions.


Yes - my main reaction was just that it was something of a surprise to see Qualcomm not using any of the common countermeasures for a class of attack which is not new and for which they’ve had problems in the past.


The modern version of that is thunderbolt naturally.


They likely do sandbox it to some extent. It's routine for these devices to have their own SRAM decoupled from main memory, and to have a hardware-managed window to get to OS-visible RAM. Often there's a DMA controller that does that instead, etc...

But all sandboxes can have holes. The phrasing in the article actually makes it sound more like this is a software bug in the firmware and not a hardware thing per se.

GPUs likewise have a somewhat cooked visibility to DRAM and some amount of mapping and hardware DMA intermediate interfaces. But sure, a similar GPU flaw could do the same thing.
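The comments above describe a DSP that reaches OS-visible RAM only through a hardware-managed window, and a bug class where firmware reading an untrusted buffer descriptor walks outside that window. Here is an added example, not Qualcomm's firmware or any vendor's code, of the check such firmware must perform before a transfer. The 16 MiB window size, the `dma_desc_t` layout and `dsp_fetch` are assumptions made for illustration. It places a naive bounds test that wraps in 32-bit arithmetic beside a hardened one that never forms the overflowing sum.

```c
/* Added example, not Qualcomm's firmware: validating a DMA/window buffer
 * descriptor before a DSP touches OS-visible RAM. The window size and the
 * descriptor format are assumptions for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed: the DSP reaches OS RAM only through a 16 MiB hardware window. */
#define WINDOW_SIZE (16u * 1024u * 1024u)

/* Descriptor handed to the firmware by the host side, e.g. derived from the
 * size fields of a media file. Treat every field as untrusted. */
typedef struct {
    uint32_t offset;   /* byte offset inside the window */
    uint32_t length;   /* bytes to transfer */
} dma_desc_t;

/* Naive check: offset + length is computed in uint32_t and wraps, so a
 * descriptor whose sum crosses 2^32 compares as "inside" the window. */
bool desc_in_window_naive(const dma_desc_t *d)
{
    return d->offset + d->length <= WINDOW_SIZE;
}

/* Hardened check: reject empty and oversized transfers first, then compare
 * offset against the largest offset that still fits, without any addition. */
bool desc_in_window(const dma_desc_t *d)
{
    if (d->length == 0 || d->length > WINDOW_SIZE)
        return false;
    return d->offset <= WINDOW_SIZE - d->length;
}

/* Simulated transfer into DSP-local SRAM: returns bytes copied, or -1 when
 * the descriptor is rejected. 'window' stands in for the mapped OS RAM and
 * must be at least offset + length bytes long for an accepted descriptor. */
long dsp_fetch(const uint8_t *window, const dma_desc_t *d,
               uint8_t *sram, size_t sram_len)
{
    if (!desc_in_window(d) || d->length > sram_len)
        return -1;
    memcpy(sram, window + d->offset, d->length);
    return (long)d->length;
}

/* Constructed descriptors used below. */
const dma_desc_t DESC_OK_START = { 0, 4096 };
const dma_desc_t DESC_OK_END   = { WINDOW_SIZE - 16, 16 };
const dma_desc_t DESC_PAST_END = { WINDOW_SIZE - 16, 32 };
const dma_desc_t DESC_WRAP     = { 0xFFFFFFF0u, 0x20 };  /* sum wraps to 0x10 */

int main(void)
{
    const dma_desc_t *all[] = { &DESC_OK_START, &DESC_OK_END,
                                &DESC_PAST_END, &DESC_WRAP };
    for (size_t i = 0; i < sizeof all / sizeof all[0]; i++)
        printf("offset=0x%08x length=0x%x naive=%d hardened=%d\n",
               all[i]->offset, all[i]->length,
               (int)desc_in_window_naive(all[i]), (int)desc_in_window(all[i]));
    return 0;
}
```

The two checks agree on ordinary descriptors and on one that simply runs past the end; they only diverge on the wrapping case, which is exactly the input a fuzzer will find and a code reviewer will miss if the bounds test is written as a sum. Keeping the rejection inside the same function that performs the copy, rather than in a separate "parse" stage, also removes the chance of a later code path using the descriptor unchecked.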


Yikes.

Could Google theoretically remotely disable/remove apps that they identify using the DSP in malicious ways?


If it's in the DSP it may not need to be an app that runs the exploit. Sounds like any malicious audio or video file could do it. Could be something delivered via a streaming site, email, audio embedded in a webpage, etc. This sounds like it could be a very big deal.

It's great that Qualcomm has a fix, but most of the susceptible devices will likely never get it in an update from their manufacturers. And I wonder if there will be a performance or battery life hit like the awful performance hit in the Intel chips. That one cost me a 30% hit on my servers and resulted in 6 figures of unplanned spending to replace that lost capacity.


The fix could also be nothing more than just disabling the DSP, a specific functionality, or in some other way limiting it considerably (for example disabling or heavily restricting its DMA).

So a fix might not be a fix for all. If this bug is in some obscure codec or some extreme edge case that no one uses, the fix might be painless; Google might even find a way to soft patch it via GPS. But if it's not, then you might have devices either losing key functionality or becoming vulnerable to a pretty severe exploit.

Another question of exploitation is how much hand crafting is required for the payload, and does the payload survive common encoders? Most social media platforms re-encode or transcode media that is uploaded or shared through their platform; even WhatsApp and other messaging apps do it by default (tho those do it to save bandwidth).

If the exploit payload survives common encoders which are used by social media platforms it would be quite a disaster once people understand how it works and can be exploited.

The patch itself also might be bypassable. Apple, for example, fixed an exploit using SEPROM, and shortly after that the exploit was working again by bypassing the SEPROM boot.


> If it's in the DSP it may not need to be an app that runs the exploit. Sounds like any malicious audio or video file could do it. Could be something delivered via a streaming site, email, audio embedded in a webpage, etc. This sounds like it could be a very big deal.

Seems unlikely to me. DSP data vs DSP code - I think it's in the latter that you'll find vulnerabilities.


Second paragraph in the article: malicious media (i.e. video) can exploit it


Yes they can through google play protect. But first they need to identify the app.


You'd think they'd launch a crash program immediately to do exactly this. "No one sleeps until this is fixed."

Somehow I doubt that is going to happen, and that's also why I don't use Android.


"No one sleeps until this is fixed" sounds like a great way to make things even worse.


Poor underpaid google workers.


It’s not about pay. People that don’t sleep make mistakes - no matter what you pay them. Rest is an essential part of performance. Some people may need more and others less, but there’s no one that doesn’t.


No need to take it so literally. I read "No one sleeps until this is fixed" as "This is the top priority, push everything else aside. Do not screw around, stay late if you can. Everyone who can work on this needs to fix it."


[flagged]


I doubt 2020 Google employees have the same level of drive that the NASA employees of the Apollo 13 era had. I doubt NASA employees said "I give them what they give me, 40 hours." Employees nowadays show up to collect a paycheck just long enough so the job looks good on their resumé for the next job.


Half amused, I wonder if the odd recommendations we get on YouTube from time to time are actually steganographs meant to distribute surveillance malware that leverages this technique.


Uhm, wasn't this already the case in August 2019?


[flagged]


That's simply not true. AOSP is open source and you can run an Android phone without Google services.

You are generalizing the problem of some phone manufacturers which deliver phones with software which spies on you, but the OS isn't a surveillance platform - instead it's more open than iOS - you can't look at the source code of iOS as simply as you can look at the Android source code.


Can you explain this more?


I welcome you to read the Android privacy policy. It's all explained in there for you.


Yet another reason why the protectionist hit job on Huawei was a bad idea. My Mate 30 Pro will not be affected by this flaw.


> My Mate 30 Pro will not be affected by this flaw

It will just keep being affected by being a bad phone.



