|
|
|
|
|
|
by Jaepa
3231 days ago
|
|
|
With Broadpwn; Largely yes. Android and iOS both published security fixed before this was presented at Blackhat. But: 1. Android is kind of tricky though, as firmware updates generally come from the carrier not the manufacturers, and even if its from the manufacturers its still down stream of the actual patches. But the factor is kind of moot if a phone isn't getting security upgrades. 2. Google has been trying to decouple security and firmware updates, but this is only on more recent phones. As for how much of an issue this is. Its kind of impossible to tell. It been out for less than a month at this point. And of course there are all the devices that are now unsupported and will not receive updates. Ok for StageFright. Do you have those enabled? How many users do you think will? |
|
|
For StageFright: I assume by "enabled" you mean "disabled"? Yes, I've already mitigated; it took me like 30 seconds. See this comment [1]. I'm not claiming laymen would or should do this, but I wasn't making that claim originally either. I was responding to someone on HN who presumably understands something about technology and who felt guilty about buying phones and polluting the planet periodically just for the security updates. I'm saying he's most likely already more than capable enough to solve that problem without any tangible negative effects to himself. I'm doing that myself and it's working fine for me, I'm not losing any time to this at all, and I don't think I'm any better with phones than he is. It's completely possible and won't really cost you anything at all (it'll save you money and save the planet garbage); you just need to find the willpower. For a non-techy person the story might be different.
[1] https://news.ycombinator.com/item?id=15040700