cybersecurity

3157 readers

2 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 1 year ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub

X-post: Better understanding and mitigating the risks of using a phone that no longer receives system updates (lemmy.ca)

submitted 1 year ago by bulwark@infosec.pub to c/cybersecurity@infosec.pub

2 comments fedilink hide all child comments

Crosspost of an ongoing thread over at !android@lemdro.id

Some interesting discussions on the trade-off between security and being able to use your aging Android for a little while longer.

you are viewing a single comment's thread
view the rest of the comments

[–] himazawa@infosec.pub 2 points 1 year ago* (last edited 1 year ago)

Perhaps images, video, font etc. rendering could be compromised?

Yes, it already happen in the past. Also the Wi-Fi and Bluetooth stack got exploited, like multiple kernel drivers.

But it shouldn't be a matter of "in the past was X exploited?" but more on having a correct security posture.

Honestly if you are arguing about wasting a "perfectly working phone" you should blame it on the vendor, especially Android devices vendors have this let's say "defect" of dropping the support after 4/5 years.

Also not going to talk about custom ROMs (with the super rare exclusion of some) managed by god knows who, without any security team behind.

Since even the NFC and Cellular Network stack got vulnerabilities the only way you would consider an old phone "safe" to use is just turning it into the equivalent of a local ARM server.

Also pretty fun seeing the replies in the original post talking about how Google Play store shouldn't have malware on it.