undefined | Better HN

0 pointsTimeBearingDown4y ago0 comments

Smartphones aren’t servers, but they run tons of services that interact with the surrounding world. Bluetooth, WiFi, etc…

The kernel also still plays a vital and security-meaningful role in processing calls from applications.

Running an out of date kernel could mean strangers ransoming your data, or could mean an attack becomes persistent and starts logging and uploading through reboots.

Running an out of date kernel often does not result in this, and that higher level security matters first.

However, the kernel does have an attack surface through those higher levels, and pwning the kernel still means something.

Those datacenters are running LTS kernels with minor versions updated, or have security patches backported, or have far more limited connections to the world than your phone — only one protocol, one port, one service, for example.

One example, since you asked: https://thehackernews.com/2019/10/android-kernel-vulnerabili...

0 comments

dotancohen4y ago

  > Smartphones aren’t servers, but they run tons of services that
  > interact with the surrounding world. Bluetooth, WiFi, etc…

Sounds like a server to me. Maybe not a webserver, or an SMTP server, or database server, but it is a server running world-accessible services.

1 more reply

soylentnewsorg4y ago

We are not talking about datacenter servers - we are talking about smartphones. you can run a 4.9 kernel with all security patches applied, just like you can run windows10 with all security patches applied. You can update bluetooth and wifi modems without going to a later kernel version. We call those drivers, not kernels.

The issue you note is only exploitable via a bug if you have an outdated version of the chrome browser. You don't need to update the kernel, in order to update an application.

Seriously, I feel like I'm talking to my wife here, who is not a tech person. Why are you and the other couple of people being purposely dense, and purposely ignoring the content of your own links that doesn't fit your viewpoint?

BTW, after you said smartphones aren't servers, you go on to talk about why an older kernel is bad on servers.

But since you asked, the latest 4.9.3 kernel running on that nexus6 from 2014, that's been compiled appears to be from the end of the year 2019.

kaba04y ago

Good luck finding drivers for phone wifi, bluetooth, etc. That’s the fking problem — linux doesn’t have a stable driver api, so the binary blobs drivers will not allow people upgrading major linux kernel versions.

If everyone around you is stupid, then maybe you don’t understand the topic at hand?

1 more reply

j / k navigate · click thread line to collapse

0 pointsTimeBearingDown4y ago0 comments

Smartphones aren’t servers, but they run tons of services that interact with the surrounding world. Bluetooth, WiFi, etc…

The kernel also still plays a vital and security-meaningful role in processing calls from applications.

Running an out of date kernel could mean strangers ransoming your data, or could mean an attack becomes persistent and starts logging and uploading through reboots.

Running an out of date kernel often does not result in this, and that higher level security matters first.

However, the kernel does have an attack surface through those higher levels, and pwning the kernel still means something.

One example, since you asked: https://thehackernews.com/2019/10/android-kernel-vulnerabili...

0 comments

dotancohen4y ago

  > Smartphones aren’t servers, but they run tons of services that
  > interact with the surrounding world. Bluetooth, WiFi, etc…

Sounds like a server to me. Maybe not a webserver, or an SMTP server, or database server, but it is a server running world-accessible services.

1 more reply

soylentnewsorg4y ago

The issue you note is only exploitable via a bug if you have an outdated version of the chrome browser. You don't need to update the kernel, in order to update an application.

BTW, after you said smartphones aren't servers, you go on to talk about why an older kernel is bad on servers.

But since you asked, the latest 4.9.3 kernel running on that nexus6 from 2014, that's been compiled appears to be from the end of the year 2019.

kaba04y ago

If everyone around you is stupid, then maybe you don’t understand the topic at hand?

1 more reply

j / k navigate · click thread line to collapse