Security bulletin for Rooted users.



  1. draconius

    draconius Well-Known Member This Topic's Starter

    Joined:
    Jul 24, 2010
    Messages:
    230
    Likes Received:
    3

  2. OMJ

    OMJ Bazinga VIP Member

    Joined:
    Nov 27, 2009
    Messages:
    3,288
    Likes Received:
    825
    A little surprising that it's not encrypted, but really it's not that big a deal. Definitely a little scary for those with Exchange accounts that end up listed there, though.

    I have always been very careful with installing root apps. I stick to known devs and/or apps with lots of positive feedback when it comes to root apps. If you go installing every root app under the sun then you are asking to get hit with something malicious.
     
  3. izomiac

    izomiac Active Member

    Joined:
    Jul 9, 2010
    Messages:
    41
    Likes Received:
    21
    I'm a little surprised that people didn't know that any "Remember my password" feature anywhere effectively stores passwords in plain text unless you enter a Master Password or similar. ("Keep me logged in" is somewhat different.) This isn't any more of an issue for Root users than for normal users if there are active root exploits, since obviously a malicious app could then root an unrooted phone.

    Such features trade security for convenience, so it's a design decision that can't really be made more secure. Effective encryption can only be used if the key is kept secret, which can't be done if your phone isn't asking you for a decryption key. Encrypting then storing the key in plaintext is completely pointless.

    Even if passwords were securely stored, a malicious root app can install a rootkit. I won't go into specifics, but suffice to say at that point it's no longer "your" phone.

    Required reading for owning an electronic device:
    10 Immutable Laws of Security

    For the curious, here's a follow-up set of articles that examine how well the previous one held up from its publication in 2000 to 2008:
    10 Immutable Laws of Security Revisited: Part 1
    10 Immutable Laws of Security Revisited: Part 2
    10 Immutable Laws of Security Revisited: Part 3
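
Added example, not part of the thread: a sketch of the point made in the post above, that encrypting a saved password and keeping the key beside it protects nothing from whoever can read the storage, while a key derived from a master password is simply not there to read. The function names and the HMAC-based stream cipher are assumptions made for this illustration (a stand-in for a real authenticated cipher), and the sample passwords in any use of it are constructed.

```python
import hashlib, hmac, secrets

def _subkey(key, label):
    # Separate encryption and MAC keys derived from one stored/derived key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Illustrative stand-in for a real cipher: HMAC-SHA256 keystream in counter mode.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def save_remembered(password):
    # "Remember my password": no prompt, so the key must be stored beside the data.
    key = secrets.token_bytes(32)
    return {"key": key, "blob": seal(key, password)}

def save_with_master(password, master):
    # Only a salt is stored; the key exists only after the user types the master password.
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", master, salt, 200_000)
    return {"salt": salt, "blob": seal(key, password)}

def read_store(store, master=None):
    # Uses only what a reader of the storage holds, plus an optional master password.
    if "key" in store:
        key = store["key"]
    elif master is not None:
        key = hashlib.pbkdf2_hmac("sha256", master, store["salt"], 200_000)
    else:
        raise PermissionError("no key in storage; master password required")
    return unseal(key, store["blob"])
```

`read_store(save_remembered(pw))` returns the password with no secret supplied, which is the "encrypt, then store the key in plaintext" case; the master-password store yields nothing without the master.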
     
