1. Are you ready for the Galaxy S20? Here is everything we know so far!

Very happy im rooted and on 2.3.4 for this reason

Discussion in 'Android Devices' started by Rastaman-FB, May 17, 2011.

  1. Rastaman-FB

    Rastaman-FB Extreme Android User
    Thread Starter




    1. Download the Forums for Android™ app!


      Download

       
  2. SUroot

    SUroot Extreme Android User

    They're only mentioning over wifi, not over Network provider data services.

    If thats true, I feel pretty safe. My network is pretty resiliant. My network has been tested against brute force and other attacks and faired very well.
     
  3. SUroot

    SUroot Extreme Android User

    Also, to any mods / guides who may view, please can I recommend this is NOT moved into the root forum? Its very important information (data privacy issues)
     
  4. Rastaman-FB

    Rastaman-FB Extreme Android User
    Thread Starter

    well whos to say hsdpa is encrypted and if you are on the same subnet/internal iprange as other android devices im pretty sure you could packet sniff from android ips
     
  5. williamj1

    williamj1 Android Enthusiast

    How do you know your network is resilient to attacks?
     
  6. SUroot

    SUroot Extreme Android User

    I was drunk round at my hacking mates house and we brute force attacked my public ip address. Ran all his scripts against it and couldn't get in. Not even on known open Ports
     
  7. williamj1

    williamj1 Android Enthusiast

    Are we talking about phone networks? You couldn't hack O2?

    This stuff is way over my head, but that takes guts :p
     
  8. SUroot

    SUroot Extreme Android User

    No no. My LAN at home.
     
  9. williamj1

    williamj1 Android Enthusiast

    Apologies, I took network provider data services to mean O2 etc?
     
  10. SUroot

    SUroot Extreme Android User

    Yes that's what it means. But the first line is WiFi which is what I'm talking about.

    The article says about stuff being intercepted over WiFi, but my WiFi is good
     
  11. williamj1

    williamj1 Android Enthusiast

    You have me worried now.

    Mine isn't... simple bt hub with standard WPA2 or whatever it's called encryption. Need I do more?
     
  12. SUroot

    SUroot Extreme Android User

    I recommend not broadcasting your ssid.

    From a wired perspective, there's plenty of apps you can run on an old desktop machine to make it an additional hardware firewall.

    I just use a simple linksys router hidden ssid. Works well

    Can't speak about home hubs though. Never had or tested one
     
  13. EddyOS

    EddyOS Android Expert

    People are getting too paranoid about this, media making a mountain out of a mole hill
     
    yenrod likes this.
  14. Rastaman-FB

    Rastaman-FB Extreme Android User
    Thread Starter

    kinda Eddy but still, its interesting as most apns on the various networks are nat'd
    who knows what ports and restrictions are open or closed
    facts are this, that stuff is broadcast in plain txt be it wifi or over a data network
    an app could sniff it, a clever idiot with a device posing as a mobile phone on the same data network subnet could probably see it too.

    the article says wifi only but the protocol these apps are using is still delivering information in plain txt form

    i actually think its a bigger issue than we think and one that google has kept under wraps as they have patched
     
  15. sookster54

    sookster54 Android Expert

    I went and flashed Oxygen as soon as I heard about this, pity because Froyo was my choice for my everyday phone, but Oxygen seems to hold up.
     
  16. sookster54

    sookster54 Android Expert

    Even then, wouldn't it be a concern when connecting to open public networks like at Starbucks, library or airport? I frequently connect to those when I'm on the go.
     
  17. SUroot

    SUroot Extreme Android User

    I don't. I only connect at home
     
  18. Rastaman-FB

    Rastaman-FB Extreme Android User
    Thread Starter

    thing i dont get is they mention "only over wifi" but then the applications/web themselves send the tokens in plain text.
    I cant see why the apps/websites would send information encrypted over datanetwork but suddenly change its security model over wifi. it makes no sense

    im not trying to scaremonger but i think they only mention wifi cos its easier to sniff
    it detracts away from the fact that you can be on the same subnet and iprange as other smartphones in the data network therefore some clever sod might be able to packet scan the open ports for data which has been sent from un patched android devices with another device on the network.
    even better use a linux box with a datacard/tethered device on the network
     
  19. SUroot

    SUroot Extreme Android User

    I think you're right. It wont change policy over a different protocol.

    What we could do with is a list of apps that transmit in plain text.
     
  20. Rastaman-FB

    Rastaman-FB Extreme Android User
    Thread Starter

    indeed, there must be something google put in 2.3.4 that encrypts all tokens regardless of site api requests
     
  21. EddyOS

    EddyOS Android Expert

    Never have and never will use a VPN, I only connect to trusted/secured networks and, tbh, don't have a lot of personal data linked to my Gmail account. If they want my parents phone number then bully for them!

    I won't be worrying about this one iota
     
  22. Rastaman-FB

    Rastaman-FB Extreme Android User
    Thread Starter

    who said anything about vpn? vpn is generally an rsa encrypted channel.

    im talking standard gprs/3g/hsdpa

    each device on the data carrier is connected from a dhcp pool from a sgsn/ggsn and given an ip from a range within that subnet
    certain ports have to be open for data transit to work
    potentially (i have no actual factual information so cannot fully confirm) someone within that same subnet/iprange can connect a device to the network and find plain text being transmitted from these ports.

    imo if you use your providers data network you have just as much reason to be concerned as someone using adhock/unsecured wifi nodes
     
  23. SUroot

    SUroot Extreme Android User

    VPN is about as safe as you can get.

    But if you're on a home wifi and someone is sat outside in a van, that wont help as its between your phone and your router where they intecept.
     
  24. SUroot

    SUroot Extreme Android User

    Actually the linked blog says its over open wifi networks:

    Catching authTokens in the wild-Universitt Ulm

     
  25. yenrod

    yenrod Well-Known Member

    At the end of the DAY Google/manufacturers need to sort there @ss's out over these updates - like, how long are these taking...all that seems to be happening is MORE phones being released....ad infinitum...................!
     

HTC Desire Forum

Features and specs are not yet known.

unknown
Release Date
0
Reviews
Loading...
Similar Threads - Very happy rooted
  1. Fire Marshal Bill
    Replies:
    1
    Views:
    424
  2. Gobshyte
    Replies:
    5
    Views:
    1,817
  3. OcaVid
    Replies:
    2
    Views:
    684
  4. ruuduphoff
    Replies:
    1
    Views:
    644
  5. louis2008
    Replies:
    16
    Views:
    1,337
  6. Ashveer Ramparsad
    Replies:
    3
    Views:
    1,779
  7. Highspot
    Replies:
    3
    Views:
    2,252
  8. keith Taylor
    Replies:
    4
    Views:
    1,401
  9. Wanda Manrara
    Replies:
    3
    Views:
    833
  10. ashleedawg
    Replies:
    6
    Views:
    13,411

Share This Page

Loading...