[ksml]

I think you're terribly naive if you think a phone kernel has no attack surface. It is absolutely a security risk to run an outdated kernel. It has nothing to do with whether there are services running for a hacker to connect to; it's about whether it's possible for an attacker to trigger buggy behavior somehow, whether that's sending malformed packets or Bluetooth frames or invoking patterns of syscalls that cause bad things to happen. Heck, here's an obscure bug in Linux on the front page of HN right now, which Android is based on: https://googleprojectzero.blogspot.com/2021/10/how-simple-li... Also, I know GP was specifically talking about upgrading the kernel, but keeping drivers patched is much harder without vendor support, and there's likely to be more attack surface there.

[soylentnewsorg]

your phone is not a linux server. yes, if you install a virus or an outdated app, someone can daisychain a priv escalation using a kernel bug. no need for that though - my phone is already rooted.

Your car has pieces that run linux too. Guess an attacker can make you crash.

> drivers

since this is about iphone and android comparison, guess what has those same driver blobs form those same exact manufacturers. apple doesn't make their own bluetooth chips. oh, btw, the drivers get updated just fine, since that's part of the kernel and os, which all get updated just fine.

google supports kernel 4.1 till 2024 for android 11. the nexus from 2014 runs 4.9. so probably 2026 kernel and android, fully patched - 12 years.

oh, sorry, did you forget this thread started with a guy claiming ios is great because you can put later versions of the OS on there? where's that iphone from 12 years ago running the latest version of ios, and still performing fast? because that's what this thread is about.

[ksml]

I really don't get why you're so hung up on this server thing. Yes, a phone is not a server. But it still runs a lot of complicated software. Software has bugs. We haven't found all the bugs yet. Hence, it's important to keep all of the software as up-to-date as possible for when people find some of the bugs.

> Your car has pieces that run linux too. Guess an attacker can make you crash.

Actually, yes... https://www.wired.com/2015/07/hackers-remotely-kill-jeep-hig... http://www.autosec.org/pubs/cars-usenixsec2011.pdf

> the drivers get updated just fine, since that's part of the kernel and os, which all get updated just fine.

Just because the kernel is getting updated does not mean the drivers and firmware are also getting updated. Drivers are specific to hardware, and if a vendor stops shipping updates for some chip that is no longer used in newer phones, then you aren't going to get updates for that chip.

> since this is about iphone and android comparison

This isn't about iphone and android comparison, not for me. You made naive claims about kernels not having attack surface and unimportance of staying updated, and I am responding to those claims.