|
Cellular forums Home > Archive > Cell Phone Tech Discussion > June 2007 > Security, Linux and the Roving Bug
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Security, Linux and the Roving Bug
|
|
| Cassandra 2007-06-28, 3:33 pm |
| Her advocates claim Linux is more secure than Windows and as proof they
offer
the list of viruses that target Windows. The rebuttal is typically that
Window is an attractive target for virus writers due to its ubiquity. The
Linux advocate's reply is that, Linux's architecture makes it impossible to
hack. I think we've all seen this exchange. Whether Linux is immune from
hacking is an open question. What if Linux were ubiquitous? Would hackers
try to break in? Could hackers succeed? The answer to these questions is
yes.
Motorola has embraced Linux as the OS to run on its line of cell phones
(http://news.com.com/2100-1001-984424.html). The following link includes
over a dozen cell phone offering, including the Razr, which feature Linux:
http://www.linuxdevices.com/news/NS4504156025.html. Motorola is a leading
cell phone company. Motorola's market share has reached the critical mass
required to make the devices attractive to the l33t haxtorz.
Cell phones are venerable to a security threat called 'The Roving Bug'. The
bug allows people to listen in on you conversations even when the cell phone
is off. People can remotely turn on your cell phone, listen in on your
conversations, upload and download data, and take photos without you knowing
it. The only way to secure your cell phone and your privacy is to remove
the
battery.
Here's what one site has to say:
<quote>
Nextel and Samsung handsets and the Motorola Razr are especially vulnerable
to software downloads that activate their microphones, said James Atkinson,
a
counter-surveillance consultant who has worked closely with government
agencies. "They can be remotely accessed and made to transmit room audio all
the time," he said. "You can do that without having physical access to the
phone."
Because modern handsets are miniature computers, downloaded software could
modify the usual interface that always displays when a call is in progress.
The spyware could then place a call to the FBI and activate the microphone--
all without the owner knowing it happened
</quote> http://hootsbuddy.blogspot.com/2006...roving-bug.html
The article says, ". the Motorola Razr [running Linux] are especially
venerable ."
It turns out that Linux's security model is porous as a sieve. Devices
running Linux are being hacked and taken over by remote hackers. The
security hole persists even when the device is turned off. But is it some
secret 'back door' that only the government knows how to access? Nope, the
world knows how to by pass and exploit Linux's so-called security. Here's a
horror story describing the hell created because of Linux's weak security:
http://www.thenewstribune.com/news/...ory/91460.html.
I am sure so will say, "B-b-b-but Windows blah, blah, blah." to which I
reply, "Irrelevant!"
This issue is about a bug in Linux. This is about a known bug in Linux
that's been hanging around for months. It is a bug a known bug in Linux
that's been hanging around for months that has not been fixed. This is
about
a security hole in Linux. Windows is not the issue here. This is a Linux
problem and not a Windows problem.
| |
| CptDondo 2007-06-28, 3:33 pm |
| Cassandra wrote:
>
> This issue is about a bug in Linux. This is about a known bug in Linux
> that's been hanging around for months. It is a bug a known bug in Linux
> that's been hanging around for months that has not been fixed. This is
> about a security hole in Linux. Windows is not the issue here. This is a Linux
> problem and not a Windows problem.
>
>
Huh?
It seems to be more a bug in the cell-phone protocol/hardware. Or
possibly a hardware mod to the cell phones. I can well imagine the cell
phone companies would have a way to update the firmware in your phone
remotely.
Nothing to say that it's due to linux being on the phone.
The only reason it's not *also* a windows problem is that windows can't
possibly run on a cellphone....
As to the "horror story" - why don't they get a prepaid phone? Or do
away with cell phones altogether? Or stuff the damn things into a sock
while they're not using them? Christ, people used to live their whole
lives without cell phones.
| |
| Nedd Ludd 2007-06-28, 10:33 pm |
|
"CptDondo" <yan@NsOeSiPnAeMr.com> wrote in message
news:13885j98uu1do0b
@corp.supernews.com...
: Cassandra wrote:
:
: >
: > This issue is about a bug in Linux. This is about a known bug in Linux
: > that's been hanging around for months. It is a bug a known bug in Linux
: > that's been hanging around for months that has not been fixed. This is
: > about a security hole in Linux. Windows is not the issue here. This is
a Linux
: > problem and not a Windows problem.
: >
: >
:
: Huh?
:
: It seems to be more a bug in the cell-phone protocol/hardware. Or
: possibly a hardware mod to the cell phones. I can well imagine the cell
: phone companies would have a way to update the firmware in your phone
: remotely.
:
: Nothing to say that it's due to linux being on the phone.
The features of the phone such are the way the firmware is updated are
executed by Linux.
The vulnerability on these phones is a result of Linux.
The Roving Bug is a huge security hole in these phones.
Its presents and exploitation is facilitated by Linux.
| |
| CptDondo 2007-06-28, 10:33 pm |
| Nedd Ludd wrote:
>
> The features of the phone such are the way the firmware is updated are
> executed by Linux.
Please document this. Non-linux phones cannot be updated?
> The vulnerability on these phones is a result of Linux.
Please document this. Non-linux-based phones don't have this vulnerability?
> The Roving Bug is a huge security hole in these phones.
Yes.
> Its presents and exploitation is facilitated by Linux.
Please document this. Non-linux phones don't have this vulnerability?
| |
| chrisv 2007-06-28, 10:33 pm |
| Cassandra wrote:
>Her
Stupid fscking cross-posting troll.
*plonk*
| |
| Oldtech 2007-06-28, 10:33 pm |
| CptDondo wrote:
> Nedd Ludd wrote:
>
> Please document this. Non-linux phones cannot be updated?
>
>
> Please document this. Non-linux-based phones don't have this
> vulnerability?
>
>
> Yes.
>
>
> Please document this. Non-linux phones don't have this vulnerability?
Me thinks the lady doth protest too much, CptDondo.
It sounds like the Microsoft patent hype. Lots of claims, but, no
specifics are offered that we can verify.
I am willing to bet my favorite ham in Mohamed's frig. that this is a
plant by felon Microsoft trolls.
| |
| CptDondo 2007-06-28, 10:33 pm |
| Oldtech wrote:
> CptDondo wrote:
> Me thinks the lady doth protest too much, CptDondo.
>
> It sounds like the Microsoft patent hype. Lots of claims, but, no
> specifics are offered that we can verify.
>
> I am willing to bet my favorite ham in Mohamed's frig. that this is a
> plant by felon Microsoft trolls.
Oh no doubt. It's just a slow day at work and the A/C doesn't work...
| |
|
|
| David L. Johnson 2007-06-28, 10:33 pm |
| CptDondo wrote:
> Oh no doubt. It's just a slow day at work and the A/C doesn't work...
Windows-based controller?
--
David L. Johnson
Arguing with an engineer is like mud wrestling with a pig...
You soon find out the pig likes it!
| |
| The Man 2007-06-28, 10:33 pm |
|
"CptDondo" <yan@NsOeSiPnAeMr.com> wrote in message
news:13885j98uu1do0b
@corp.supernews.com...
> Cassandra wrote:
>
>
> Huh?
Duh. Read it again Einstein.
> It seems to be more a bug in the cell-phone protocol/hardware. Or possibly
> a hardware mod to the cell phones. I can well imagine the cell phone
> companies would have a way to update the firmware in your phone remotely.
>
> Nothing to say that it's due to linux being on the phone.
Then read it again.
> The only reason it's not *also* a windows problem is that windows can't
> possibly run on a cellphone....
http://www.windowsfordevices.com/ar...2468909181.html
Do you have any other clueless comments you'd like to make Cpt Dungo?
> As to the "horror story" - why don't they get a prepaid phone?
Because prepaid phones suck.
> Or do away with cell phones altogether?
Sure. And let's do away with electricity too.
> Or stuff the damn things into a sock while they're not using them?
> Christ, people used to live their whole lives without cell phones.
And people used to live their whole lives without air travel or cars. So
let's all go back to riding donkeys and living in caves.
--
Posted via a free Usenet account from http://www.teranews.com
| |
| Roger Blake 2007-06-29, 4:33 am |
| In article < bJCdnZBigMvgjRnbnZ2d
nUVZ_veinZ2d@comcast
.com>, Cassandra wrote:
> Linux advocate's reply is that, Linux's architecture makes it impossible to
> hack.
Dead on arrival in the first paragraph. Nobody who actually knows anything
about operating system architecture and/or security would make such a claim.
The threats against Linux tend to be of a different nature than those
against Windows. The latter tend to be aimed at end users due to Windows'
architecture which requires most users to work full-time in an administrative
account to make use of their systems. This combined with the active
scripting that Microsoft is so fond of embedding in all types of content
makes Windows a virus writer's dream environment in terms of attacking
through end users. (Remember the first major wave of PC-based viruses?
It was when Microsoft introduced the "auto-execute macro" in Word documents,
initially with no way to disable them. This turned ordinary documents
into potential vectors for infections.)
In contrast, the threats against Linux (and other Unix-based systems)
tend to be based on attacking public services. As you may recall, the
first Internet worm in 1988 virtually shut down the entire Net by taking
advantage of a bug in the finger daemon in Berkeley-derived variants of
Unix. Unix-based utilities such as sendmail, bind, and others have a long
history of security flaws. Anyone with any sense will tell you that if
you hook up an old, unmaintained Linux system running public services to
the Internet it will likely be hacked and rooted in short order. On the
other hand, Windows-style attacks on end users are much less fruitful
due to user accounts with limited privileges and a lower incidence of
script-triggered automation features in end-user applications.
--
Roger Blake
(Subtract 10s for email.)
| |
| Jamie Hart 2007-06-29, 4:33 am |
| "Cassandra" <Cassandra@comcast.net> wrote in
news:bJCdnZBigMvgjRn
bnZ2dnUVZ_veinZ2d@co
mcast.com:
> Her advocates claim Linux is more secure than Windows and as proof
> they offer
> the list of viruses that target Windows.
And the lack of viruses that target Linux.
> The rebuttal is typically that
> Window is an attractive target for virus writers due to its ubiquity.
Its ubiquity and its lack of security. It's the low hanging fruit of
the software world.
> The
> Linux advocate's reply is that, Linux's architecture makes it
> impossible to hack.
No they don't. they say it is more difficult for a virus to prosper on
a linux system.
Linux can be hacked, indeed Linux has been hacked, though the damage
that a hacker can do is limited in Linux compared to Windows.
> I think we've all seen this exchange.
I've certainly seen Trolls like you talk about this fictitious exchange,
does that count?
Snip the rest of the trolling attempt.
| |
| Matt Simpson 2007-06-29, 10:33 am |
| In article < 13885j98uu1do0b@corp
.supernews.com>,
CptDondo <yan@NsOeSiPnAeMr.com> wrote:
> It seems to be more a bug in the cell-phone protocol/hardware. Or
> possibly a hardware mod to the cell phones. I can well imagine the cell
> phone companies would have a way to update the firmware in your phone
> remotely.
Actually, it seems to be none of the above. It's more likely to be
total BS.
http://www.computerworld.com/action...eB
asic&t
axonomyName=mobile_a
nd_wireless&articleId=9025893
| |
| CptDondo 2007-06-29, 12:33 pm |
| The Man wrote:
>
>
> http://www.windowsfordevices.com/ar...2468909181.html
>
> Do you have any other clueless comments you'd like to make Cpt Dungo?
Those are "smartphones" and PDA. Not what I call a cellphone. My
linux-based Motorola is about 3.5 x 1.75", way smaller and lighter than
the PDAs listed in that article.
> Because prepaid phones suck.
>
> Sure. And let's do away with electricity too.
I have 5 stray cats that like to roll around on a particular doormat on
my deck. It's really aggavating, as they fight over it, and leave
catshit and cathair all over the place.
I could call the paper and police and whatever, and whine about the
horrible state of stray cats.
Or I could just fold the doormat over so the cats can't get to the
scratchy part.
Hmmm... You decide.
And, BTW, I've met Einstein's daugher and secretary several times. And
sat in his chair. (And probably peed in the same urinal....) So
calling me "Einstein" is pretty neat.
--Yan
|
|
|
|
|