Debunking fake stock Pixel OS vulnerability from an EDR company (opens in new tab)

(discuss.grapheneos.org)

35 pointskaspar0301y ago7 comments

7 comments

What I found funny about the Wired piece, is that one of the worlds top big brother companies, Palantir (do they see themselves as Saruman or are they on the good side, I earnestly wonder, perhaps someone from the inside could comment on that, highly appreciated), makes the point.

gruez1y ago

Where's the debunking? The linked post seems to only say that the various media outlets are "misrepresenting a vulnerability" and "fearmongering", but doesn't really expand on that aside from saying it's disabled and "Stock Pixel OS no longer gives the same level of access to the active carrier". It doesn't expand on why those make the vulnerability a non-issue. I expected far more from a "debunking".

kayo_202110301y ago

> "The most straightforward way to do this would involve having physical access to a victim's phone as well as their system password or another exploitable vulnerability that would allow them to make changes to settings."

If I have all that, why would I need a second level vulnerability? In fairness, the Wired piece might be technically correct, but it does seem overblown; a nice fluffy PR piece rolled up with clickbait.

gruez1y ago

It's a preloaded app with possibly privileged permissions (ie. permissions that apps you install normally can't get), so it's possibly worse than what you can normally achieve via physical access. I checked the iVerify report[1], and it doesn't look like such permissions exist, but I'd appreciate more elaboration about the actual vulnerability from grapheneos's debunking post, rather than spending half the article ranting about how various entities are bad.

[1] https://40052983.fs1.hubspotusercontent-na1.net/hubfs/400529...

hiatus1y ago

Even if it has more permissions than a normal app, if you have the password and unrestricted local access to the phone you can already put it in debugging mode and connect to it via adb.

1 more reply

j / k navigate · click thread line to collapse

7 comments

KingOfCoders1y ago

gruez1y ago

kayo_202110301y ago

gruez1y ago

[1] https://40052983.fs1.hubspotusercontent-na1.net/hubfs/400529...

hiatus1y ago

Even if it has more permissions than a normal app, if you have the password and unrestricted local access to the phone you can already put it in debugging mode and connect to it via adb.

1 more reply

j / k navigate · click thread line to collapse