Hacker News new | ask | show | jobs
by jMyles 3397 days ago
> Compare the security of Android - which we now know to be 'owned' by the US Government

To what are you referring to here, precisely?

Since AOSP is open source, is there a specific line of code that you can point to that contains (or is emblematic of) this insecurity?

Your article doesn't seem to say.
2 comments
benwilber0 3397 days ago
> Here is my take as an information lawyer and (slightly-higher than script-kiddy-level) web developer

as a "(slightly-higher than script-kiddy-level) web developer" I'm going to guess that he doesn't actually know very much about AOSP, the Linux kernel, or indeed GNU/Linux security in general. So his emphatic statement "Compare the security of Android - which we now know to be 'owned' by the US Government" is pretty much worthless as he's very clearly speculating about things that he doesn't understand.

link
libertymcateer 3397 days ago
> I'm going to guess that he doesn't actually know very much about AOSP, the Linux kernel, or indeed GNU/Linux security in general.

I know a fair amount for a 'layperson', which you can (probably rightly) argue means I am unqualified for comment in these circles, and you are right that I am including too much speculation. I absolutely, inarguably overstepped. My bad.

However, with regard to Android being owned - this article is literally about the CIA tools that are used to compromise Android. The trove has been released. It is incontrovertible at this point: https://www.washingtonpost.com/world/national-security/wikil...

The issue is to what extent other fundamental assumptions are now called into question. Is it only android, or is Chrome now suspect as well? What protocols are compromised?

I suspect we will find out more in the coming days, and I should have been more circumspect in my own post. It was unbecoming.

In any event, thanks for your feedback.

link
benwilber0 3397 days ago
You should be careful about making bold proclamations about the supposed insecurity of Linux or AOSP. Especially under the guise of tech-savvy lawyer. And just because you made a browser extension that doesn't trust Chrome's security model doesn't mean you're also qualified to confirm the complete and utter "owning" of the Linux kernel on ~5 year old Android devices.
link
libertymcateer 3396 days ago
Your point is well taken. Consider me suitably chastened.

Back to the question at hand - there seems to be extremely strong evidence that android - and iOS, apparently - are compromised pretty thoroughly. https://betanews.com/2017/03/07/wikileaks-vault-7-cia-year-z...

If this is not the case, then what is your conclusion? Because the claim that is being made far and wide, right now, is that android, ios and samsung smart TVs appear to be fundamentally compromised.

link
chillydawg 3397 days ago
The CIA tools to own it were just leaked. You are commenting on the thread talking about those tools and the leak announcement.
link
jMyles 3397 days ago
As far as I can tell, my question ("which line of code is broken?") is also not answered either in the NYT piece or the wikileaks release. If I'm wrong, do you have a link?
link
libertymcateer 3397 days ago
https://www.washingtonpost.com/world/national-security/wikil...
link