Google confirms some Android phones shipped with backdoor

[mr moose]

Apple is more secure, almost, maybe kinda, only in some case and only if you play mental gymnastics to exclude a variety of issues.

 

https://www.symantec.com/about/newsroom/press-releases/2017/skycure_0718_01

 

 

The one glaring problem with people trying to claim X is better than Y is that neither is better when it comes to security.   All products are susceptible to attack if the attacker is sufficiently equipped and skilled.    There is no such thing as the perfect device.

[JoostinOnline]

22 hours ago, firelighter487 said:

iPhones are so huge if there was malware on it we'd know by now. 

 

Do you mean malware on iOS specifically, or are you suggesting that malware simply doesn't exist for iPhones? Because the latter isn't true. Some malware has even made it onto the App Store.

[Doobeedoo]

Hah well I though I'd see more known ones maybe. 

[TAHIRMIA]

 

 

 

23 hours ago, NeilGiraffeTyson said:

There probably have been (not MAJOR) but big exploits in iPhones that Apple never told the public about.

Not just Apple, It is a thing many large companies have probably done. If nobody knew about it before why bother letting them know about it even if it is fixed. It just opens up a base for other exploits to start from.

[Sauron]

4 minutes ago, TAHIRMIA said:

Not just Apple, It is a thing many large companies have probably done. If nobody knew about it before why bother letting them know about it even if it is fixed. It just opens up a base for other exploits to start from.

Not necessarily, and letting people know about a vulnerability patch is important because it lets them know they should update.

[LAwLz]

11 hours ago, mr moose said:

Apple is more secure, almost, maybe kinda, only in some case and only if you play mental gymnastics to exclude a variety of issues.

 

https://www.symantec.com/about/newsroom/press-releases/2017/skycure_0718_01

 

 

The one glaring problem with people trying to claim X is better than Y is that neither is better when it comes to security.   All products are susceptible to attack if the attacker is sufficiently equipped and skilled.    There is no such thing as the perfect device.

It is pretty safe to say that ios is more secure than android though. Security is a scale, so pointing to a handful of examples and going "see? iOS has issues so therefore it is equal in security to android" is not accurate. 

 

Just because no system is perfect, security wise, doesn't mean all are equally secure/unsecure. 

 

And there are plenty of ways to measure different aspects of security, and iOS comes out on top in a lot of them. 

 

For example this would most likely never happen on iOS devices. The firmware is signed and verified on boot in iOS. You can do the same in Android, but since it's the manufacturers in control of the signature list and not Google it doesn't really matter. They can just add exceptions for their own modified firmware. That can't be done with iOS devices without breaking the imposed chain of trust from Apple (which is detectable). 

 

 

Although, if we want to put on our tinfoil hats we could just say that Apple might be collecting data in the same way these Chinese companies does. But in that case I'd argue that:

1) If Apple profited from user data in that way (harvesting and selling it) it would show up in their financial reports. 

2) It would be far easier to implement in the OS or service, rather than the firmware. 

3) Apple has done a lot to protect user privacy and genuinely seem to care. Not just through words but actions too. That makes me trust them. At the very leadt trust them more than there Chinese android makers I've never heard of. 

[Drak3]

On 6/7/2019 at 2:35 PM, NeilGiraffeTyson said:

Android is MASSIVE globally and is used in markets where iPhone practically doesnt even exist.

iPhones account for 1 in 5 smartphones in use globally. Given that Apple is the only maker of iPhones and that the entry cost is much higher, that's impressive.

 

On 6/7/2019 at 2:35 PM, NeilGiraffeTyson said:

There probably have been (not MAJOR) but big exploits in iPhones that Apple never told the public about.

We would still know about most of them as most exploits are found by third parties, not first parties.

[Sauron]

10 minutes ago, LAwLz said:

For example this would most likely never happen on iOS devices. The firmware is signed and verified on boot in iOS. You can do the same in Android, but since it's the manufacturers in control of the signature list and not Google it doesn't really matter. They can just add exceptions for their own modified firmware. That can't be done with iOS devices without breaking the imposed chain of trust from Apple (which is detectable).

If Apple uses any third party firmware blob they are vulnerable to this - signing the firmware doesn't matter if your contractor is doing something shady.

 

Also Apple could do it intentionally... I doubt they would but since we have no way of knowing for sure it's possible.

11 minutes ago, LAwLz said:

Although, if we want to put on our tinfoil hats we could just say that Apple might be collecting data in the same way these Chinese companies does. But in that case I'd argue that:

1) If Apple profited from user data in that way (harvesting and selling it) it would show up in their financial reports.

Just the other day we had this thread

 

[DrMacintosh]

On 6/7/2019 at 4:36 AM, Sauron said:

How many people do you know who install anti-malware on their iPhone?

Nobody who knows that they are doing, because anti-malware doesn't work on iOS. 

[Sauron]

7 minutes ago, DrMacintosh said:

Nobody who knows that they are doing, because anti-malware doesn't work on iOS. 

Well there you go, catching it through a third party program like in this case wouldn't be possible.

[DrMacintosh]

4 minutes ago, Sauron said:

Well there you go, catching it through a third party program like in this case wouldn't be possible.

Nope. That's why Apple takes so much effort to secure the iOS firmware signing process and is why jailbreaking is so difficult. Apple keeps iOS locked down to keep it secure and safe. That has its downsides, but it also has a lot of upsides. It's up to the user to decide if they want freedom and customizability of Android, or the ease of use and security of iOS. 

 

Though iOS 13 just catapulted iOS pretty far into Android territory as far as technical ability is concerned. 

[Sauron]

Just now, DrMacintosh said:

Nope. That's why Apple takes so much effort to secure the iOS firmware signing process and is why jailbreaking is so difficult. Apple keeps iOS locked down to keep it secure and safe. That has its downsides, but it also has a lot of upsides. It's up to the user to decide if they want freedom and customizability or the ease of use and security of iOS. 

 

Though iOS 13 just catapulted iOS pretty far into Android territory as far as technical ability is concerned. 

My point is that we simply don't know what's in the firmware blob and you're placing blind trust in Apple. If they make a mistake or intentionally do something malicious you may never find out. Hence why in this specific circumstance iphones are no more inherently secure than android phones; it has nothing to do with the operating system.

[Jito463]

On 6/7/2019 at 5:56 AM, JoostinOnline said:

I've got tin cans and a piece of string. Try to hack that!

I've got a paper clip and a second string that says I can.

On 6/7/2019 at 8:33 AM, TVwazhere said:

 

^{If you dont get this this we cant be friends}

That's from some Star Trek Gate Wars thing, right?

 

 

 

 

 

 

 

 

_{^{I kid, I KID!}}

[DrMacintosh]

1 minute ago, Sauron said:

If they make a mistake or intentionally do something malicious you may never find out.

I concede; yes that is a possibility. A very slight one, and a very tin-foil hat one at that. 

[The King of the Undead]

I am gonna call this the size effect the less market share or the less important market share the less likely to get hacked and even if there is a backdoor it is less likely to be discovered by a outside source.

[Sauron]

4 minutes ago, will1432 said:

I am gonna call this the size effect the less market share or the less important market share the less likely to get hacked.

This is not quite a hack, it's a third party supplier intentionally planting a trojan in their own firmware.

[The King of the Undead]

Just now, Sauron said:

This is not quite a hack, it's a third party supplier intentionally planting a trojan in their own firmware.

true let me edit

[mr moose]

1 hour ago, LAwLz said:

Snip

 

To make absolute claims you need absolute evidence. Otherwise we are talking probabilities. 

 

Somethings need qualifiers because people hear only what they want to hear.  Especially after being subject to marketing guff for any period of time.

 

 

[LAwLz]

11 hours ago, mr moose said:

To make absolute claims you need absolute evidence. Otherwise we are talking probabilities. 

 

Somethings need qualifiers because people hear only what they want to hear.  Especially after being subject to marketing guff for any period of time.

Rarely anything in life can be said with absolute certainty. But not all probabilities are equal either. If the probability of someone with an android device having their security compromised is let's say 60%, and the probability of an iOS user being compromised is 10% then you can't just go "well both are insecure and neither one is perfect, so they might as well be equal". 

That's not how security works. It's a scale. 

 

 

And believe me, I put very little faith in marketing. That's why I often don't trust claims from Microsoft and Google. Because they are mostly just empty words, and then a while later they get caught by third parties acting in the opposite way of what they are promoting. I don't trust apple's words either. But I do trust good design and statistics. Especially if those are backed up and verified by multiple third party experts. Like for example the secure enclave. Fantastic design and concept. It has also proven itself in real life time after time. 

[mr moose]

1 hour ago, LAwLz said:

Rarely anything in life can be said with absolute certainty. But not all probabilities are equal either.

That is why they are called probabilities.

[LAwLz]

49 minutes ago, mr moose said:

That is why they are called probabilities.

I don't get your point. What argument are you trying to make?

 

I interpreted your post as saying that iOS wasn't more secure than android. You kind of said that when you said thst it was only in certain scenarios and only if you did a bunch of mental gymnastics. I replied to that post by pointing out ways that iOS devices are more secure, and to that you just replied that it was probabilities. So what? That doesn't mean iOS is less or equally secure to android. 

 

My point is that iOS is more safe than android. Of course it is not perfect, but no system is. Saying that it is not perfect is a completely meaningless thing to say because thay does not mean it isn't more safe than other systems. Again, security is a scale. 

[Misanthrope]

I remember when everybody was shocked Huawei was not going to ship Android anymore, funny how that quickly becomes a feature.

[D13H4RD]

>Leagoo

 

Well, I was right when I concluded that they were shite.....back in 2015 

[Bouzoo]

21 hours ago, DrMacintosh said:

Though iOS 13 just catapulted iOS pretty far into Android territory as far as technical ability is concerned. 

In some things they went ahead of Android, but in some they are still miles behind. It's what you deem important.

[mr moose]

11 hours ago, LAwLz said:

I don't get your point. What argument are you trying to make?

 

I interpreted your post as saying that iOS wasn't more secure than android. You kind of said that when you said thst it was only in certain scenarios and only if you did a bunch of mental gymnastics. I replied to that post by pointing out ways that iOS devices are more secure, and to that you just replied that it was probabilities. So what? That doesn't mean iOS is less or equally secure to android. 

 

My point is that iOS is more safe than android. Of course it is not perfect, but no system is. Saying that it is not perfect is a completely meaningless thing to say because thay does not mean it isn't more safe than other systems. Again, security is a scale. 

 

 

My point was not supposed to be an all in detail analysis of malware probabilities,  it was merely that when people use language the way they do (in this thread things like claiming IOS is so big if it had malware we'd know by now).  The constant and ongoing misrepresentations of a products technical attributes becomes a trope.  

 

I liken it to the "apple don't sell your data" issue,  maybe apple themselves didn't, but it is constantly repeated in a manner that strongly suggests it won't happen. Then there's old adage about macs not getting viruses etc.  I saw this thread, the unqualified mention of apple given the context of the problem (it more likely being a manufacturer issue not an android issue), and decided it was more of the same.   We don't need an absolute discussion on security because it doesn't exist here.  Hence why I only posted on link to minor malware content on iphones. It only needs to happen once, after that all bets are off.  Especially considering the possibility that the company didn't know someone had infected their firmware.  

 

Sorry if I wasn't clear enough earlier.