undefined | Better HN

0 pointsGuB-423mo ago0 comments

Just because one layer of the security stack is compromised doesn't turn your device into a paperweight. I know many people who use out-of-support and vulnerable devices and I am not aware of a single one getting pwned by a system exploit, it is always some kind of phishing or scam. This is anecdotal evidence but I couldn't find actual data, as most don't distinguish between malware that rely on system-level vulnerabilities (as in 0-day) and the ones that don't (like fake apps that steal credentials, mine crypto or inject ads). But it is clear that the former are a minority on Android.

If you don't know what to do with it because your security standards are so high, just give it to someone with lower standards then you, or use it for some project that doesn't involve sensitive data. And if security is broken to the core, there is probably some vulnerability you can exploit to root your phone and do whatever you want with it, including installing a custom ROM.

Still, I agree with you on making it mandatory to provide an unlock method, at least for out-of-support phones.

0 comments

avadodin3mo ago

It's not 1999 anymore. If you get RCEd today as a nobody you don't get a purple gorilla.

Just silently enlisted into a "Residential VPN" and a background script that checks for the SSID "Iranian Research Facility" every time you turn your wifi on for some reason.

_factor3mo ago

"I've never had someone steal from my car, so the fact that my car lock doesn't work is not a problem."

GuB-42OP3mo ago

More like: "Every time someone stole from my car, that's because I forgot to lock the door, that the lock can be picked is not a problem".

Sure, a thief may pick your lock, but unless he knows there is something valuable in there, he will probably go find a car the owner forgot to lock, it less effort and there are plenty of them, or he may look for more valuable targets.

j / k navigate · click thread line to collapse