What can we expect with security? - Android Q&A, Help & Troubleshooting

Given the compromises found in Android recently, this is something I've thought about quite a bit.
"Most" Roms seem to be very rarely updated and if you're using a provider like Straight talk you probably don't get updates anyways.
So, I'm quite curious how Security vulnerabilities are handled? I doubt the Roms are so different that they prevent these flaws from occurring. I'd have to imagine roms may very well introduce new ones.
My thoughts on what the community can do.
I'm not a developer and frankly I'm not in the loop as well as I can be. But, I typically use older phones that aren't getting the support the newer ones are. So, being in the loop of some stuff was never a big concern of mine.
Anyways, first off I'm curious about a security auditing group. A group that can go through the most popular roms of each phone and determine if there are any security concerns. Then this group can offer a label or signing of some kind saying the rom passed the inspection.
Roms like Hyperdrive that have a ton of unique tweaks. Well, to me, when you are adding and removing things I would naturally assume you're probably adding security flaws about as much as you'd remove them.
Security and Privacy is a concern we all have. I imagine that's part of why many people switch to Roms as they remove certain privacy issues and security vulnerabilities.
But, honestly in the community what do we have that really tells us about the security situation of roms and what may be affected by recently discovered issues in Android itself?
Things can legitimately make a rom useless and even a concern to use if it's severe enough.
What about newer people coming in and they start using a rom that's affected?
Thoughts?

Your biggest issue is you can't look at the code for roms. All roms from OEMs are closed source. All you can focus on is AOSP.
As for security: there will always be security issues. That is just part of a computer-based system. That's why anyone that is in the loop doesn't keep anything really important on a mobile device.

Related

Malware in Custom Roms?

DISCLAIMER:
This is totally academic, and I only pose the question as that of mere curiosity.
In no way do I mean to accuse any developer here or elsewhere of intentionally or otherwise installing malicious software in our ROMs. Not trying to start a flame war or anything.
What is the possibility that a rogue ROM creator would or could install malicious content on one of our devices? What kind of things would we look for to indicate that our device may be compromised? Perhaps packet sniffing for the extra paranoid.
I am the type that, when I see something that doesn't look normal, I question it. That said, I am a very experienced Linux, *BSD, and Solaris administrator; but my experience with Android is just blooming. So I might not know where to look in the Android filesystem, or know which processes may be irregular.
I did some Googling but haven't found anything to indicate this has happened before (thank God). Are there self-checks in Android to prevent this from happening? Call me paranoid, but I just like to know what's going on.
Do the "anti-virus" apps in the App market actually help with this?
Again just curious. I heard about some apps on the Market that Google had to remotely erase. And I believe I am correct in understanding that Google isn't as restrictive with its applications as Apple.
Any takes on this?
Antivirus and task killers and all that are garbage and slow your phone down. You won't have to worry about that happening on this site.
It depends if he/she is an asshole...
The first "viruses" for Android were because people were downloading paid apps on the internet, from some site in China, that had viri put into those apps that people were downloading.
Just don't get on the bad side of a dev.
adrynalyne said:
Just don't get on the bad side of a dev.
LOL! I'll make sure not to do that!
I know that task-killers are BS. I figured the anti-virus was a gimmick, too. As far as for self-replicating viruses on the phones I doubt that will occur.
I'm more worried about malware in the form of a sleeper-trojan that calls home with my personal phone information, or gets added to some jackass's botnet for DDoSing.
That was a worry of mine when I first came to this site, but the devs I download from I find quite professional. I have since just started to dig into roms trying to port them to the tb, and compare the contents and begin to see what is normally packed in the zip. I have never found a dev on this site attempt to introduce malware. I have seen some introduce warez but the site immediately banned them. The site has banned devs for not giving credit where credit is due, and opening multiple accounts in a way to circumvent the system.
This site is great for all, and they do their best to keep everyone honest.
I've been here and ppcgeeks for nearly 3 and 1/2 years, both with winmo and android, and I have never had an issue. It seems that these sites really do the best they can to catch things before they happen. Personally, I can't say enough about our devs. They're great, and they do a good bit of work for people who are honestly not thankful enough to them. I personally don't think you will ever have an issue, as I haven't. And I download tons of stuff from here and other places.
I think everyone is missing the OP's point. OP isn't asking if it's happening now or whether it's happening here.
Instead, the question concerns whether or not it's physically possible for malicious code to get executed after installing a custom ROM and/or kernel, assuming the developer of that ROM or Kernel was inclined to put some in there. Assuming it *is* possible, which I certainly believe it is, what if anything can be done by an experienced *NIX administrator to be aware of it?
Is your only option to 'trust' the developer of the ROM or Kernel, or are there things we can do with a running android system to know how well the live code is behaving?
I've always been curious of this myself. I am no advanced Linux administrator (yet), just an aspiring IT student. I would think the best people to ask would be the developers themselves, though.
funkybside said:
I think everyone is missing the OP's point. OP isn't asking if it's happening now or whether it's happening here.
Instead, the question concerns whether or not it's physically possible for malicious code to get executed after installing a custom ROM and/or kernel, assuming the developer of that ROM or Kernel was inclined to put some in there. Assuming it *is* possible, which I certainly believe it is, what if anything can be done by an experienced *NIX administrator to be aware of it?
Is your only option to 'trust' the developer of the ROM or Kernel, or are there things we can do with a running android system to know how well the live code is behaving?
No one is missing the point, the op asked if it can happen in roms/kernels/etc. Roms/kernels/etc for the phone are distributed here, therefore he is asking if it can happen here or anywhere that devs create these things for our phones.
BTW an experienced Linux admin should already know how to check for these things
Actually I believe it has happened at least twice. Once by accident, and once there may have been malicious code put into a rom that was set as bait for code thieves.
The first one was stupid, an update agent was left in the rom, and an update got pushed that loaded the phone browser to a certain site (it was not a bad site either). This affected a VERY minor few, as you had to have a certain version of a rom, and have rebooted over a very specific point in time.
The latter I will not go into as I do not know the specifics, or the validity of any of what happened.
g00s3y said:
No one is missing the point, the op asked if it can happen in roms/kernels/etc. Roms/kernels/etc for the phone are distributed here, therefore he is asking if it can happen here or anywhere that devs create these things for our phones.
BTW an experienced Linux admin should already know how to check for these things
Sorry if my post offended you and no disrespect intended, but I think you are mistaken. The question of whether or not something "can happen" is fundamentally different from the question of whether or not anyone is actually doing it. Also, saying that any "experienced Linux admin should already know how to check for these things" is in poor taste; it's a personal attack that adds no value to the discussion. The idea here is to address the OP's question as a purely academic thought experiment; there is no implicit reference to the morality of the developers here...
Perhaps we should ask the same question in a different way:
If a net-sec researcher working at SANS wanted to test exploitation vectors against their own personal HTC Thunderbolt, is it physically possible for them to build a custom ROM and/or Kernel such that this custom module includes malicious code that executes automatically after being installed on the device?
I'd be highly surprised if anyone claims the answer is no. If the kernel itself is custom, anything the hardware can do is fair game...
Concerning the question of how to know if anything is happening, since we're talking about the firmware itself, it would be difficult to do anything in userspace with confidence. To be really sure, you'd likely need to sniff traffic (both mobile and wifi) as well as physically monitor the hardware's debug output (and perhaps even the circuit traces themselves). With a compromised kernel, you can't trust anything running through the operating system's APIs.
It's very doubtful that any reputable developer on XDA would do this. Impossible? No. But XDA is the kind of place where something like this would be discovered very quickly and spread like wildfire.
Now, some unknown developer, on a random website? While I haven't come across this yet, I'd say: More likely.
The question isn't concerning the likelihood of it occurring on XDA or elsewhere, it's specifically about whether or not it is technically possible to do it.
I think we can infer from everyone who is answering the unrelated question, i.e. Is it happening on XDA or anywhere else?, that yes, it is possible to insert malicious code into a ROM or kernel.
funkybside said:
The question isn't concerning the likelihood of it occurring on XDA or elsewhere, it's specifically about whether or not it is technically possible to do it.
I think we can infer from everyone who is answering the unrelated question, i.e. Is it happening on XDA or anywhere else?, that yes, it is possible to insert malicious code into a ROM or kernel.
I think you are right. As long as there is superuser access, then basically anyone with su can pretty much do anything to your phone.
At least that's my take on it.
I'm new to android in general and XDA in particular, so please forgive my ignorance (and yes I will try searching), but this makes me wonder: Do the established developers of custom ROMs and Kernels release their source code? I'd imagine the same terms of the GPL that require HTC to release their source would also require anyone building custom Kernels to do the same. Is this also true for ROMs?
I am an experienced *NIX administrator, and that's what makes me so paranoid. This kernel source isn't coming from a CVS tree that is being scrutinized by hundreds of developers, at least not to my knowledge.
I know how code can be injected into a kernel, into a module, pretty much anywhere. Should I run a diff on the kernel source tree to see what was changed? Could do that, but that may be time consuming. I've seen innocuous kernel modules altered to allow a gateway for elevating to UID 0 (and in fact, more often in Linux than in others.)
I'm pretty confident that the folks here on XDA aren't doing anything malicious: the following of these ROMs are too popular and very fluid, and I would expect something malicious to be found quickly.
Again this is just purely academic.
nerozehl said:
I am an experienced *NIX administrator, and that's what makes me so paranoid. This kernel source isn't coming from a CVS tree that is being scrutinized by hundreds of developers, at least not to my knowledge.
I know how code can be injected into a kernel, into a module, pretty much anywhere. Should I run a diff on the kernel source tree to see what was changed? Could do that, but that may be time consuming. I've seen innocuous kernel modules altered to allow a gateway for elevating to UID 0 (and in fact, more often in Linux than in others.)
I'm pretty confident that the folks here on XDA aren't doing anything malicious: the following of these ROMs are too popular and very fluid, and I would expect something malicious to be found quickly.
Again this is just purely academic.
Agreed that the likelihood of stuff here being questionable is low, but the simple fact that there is a non-zero risk certainly makes me think a little bit. You summed it up well and the examples are spot on - this is why I immediately wondered if developers here are publishing the source code on their customized versions. Ignoring the GPL angle, it's just good to know it's out there if it is, and by the same token, also good to know if it's not out there.
I have another question to add. I love miui, and to my understanding miui is made by Chinese developers and it is not open source, it is just translated and ported to our devices. If it is not open source, is there any way to know for sure?
I am a little bit wary of the security, although I love the rom. I trust all of the credible devs on xda, however I don't know anything about the Chinese devs developing miui. Would the devs porting miui be able to see the malware if it isn't open source?
It is definitely possible. I read a paper a while back that I've been referencing in my own research where some researchers compiled some kernel modules to do malicious tasks in the background without knowledge of the user, mind you this was on an open source Linux-based phone system similar to Android. Basically compiled-in rootkits, which replacing your kernel/rom w/ a community developed system would result in possibilities of this occurring. The primary solution to preventing these things from ending up on your phone, as well as keeping the Trojans and other malware on the Android Market off it, comes down to the same thing: knowing your publisher and being careful what permissions you allow. Like stick to kernels/roms from reputable developers on XDA, and make sure your "movie player" doesn't have access to your SMS system and you'll be fine.
Mind you my own research currently is in detection of malware/malicious code & anomalous behavior. As well as hopefully prevention techniques eventually.
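
Added example, not part of any post in this thread and not code from any ROM project: one way to do the "compare the contents of the zip" check that posters describe, by diffing a ROM zip against a reference build you already trust and listing the files and setuid grants that need a manual look. The sensitive-path list, file names and the two sample zips are constructed assumptions; `set_perm` is the edify call used in older updater-scripts.

```python
import hashlib
import io
import re
import zipfile

UPDATER_SCRIPT = "META-INF/com/google/android/updater-script"
# Assumed layout of a recovery-flashable ROM zip: places where an added or
# changed file deserves a manual look before flashing.
SENSITIVE_PREFIXES = ("system/bin/", "system/xbin/", "system/app/",
                      "system/lib/modules/", "system/etc/init.d/")
SENSITIVE_FILES = ("boot.img", UPDATER_SCRIPT)
# set_perm(uid, gid, mode, "path", ...) from edify updater-scripts.
SET_PERM = re.compile(r'set_perm\(\s*(\d+)\s*,\s*(\d+)\s*,\s*([0-7]+)\s*,([^)]*)\)')


def make_zip(files):
    """Build an in-memory zip from {path: bytes} (used for the sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()


def inventory(zip_bytes):
    """Map every file in the zip to the SHA-256 of its contents."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}


def read_script(zip_bytes):
    """Return the updater-script text, or '' if the zip has none."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        try:
            return zf.read(UPDATER_SCRIPT).decode("utf-8", "replace")
        except KeyError:
            return ""


def setuid_grants(script):
    """Return {(path, mode, uid)} for set_perm calls that set setuid/setgid."""
    grants = set()
    for m in SET_PERM.finditer(script):
        mode = int(m.group(3), 8)
        if mode & 0o6000:
            for path in re.findall(r'"([^"]+)"', m.group(4)):
                grants.add((path, oct(mode), int(m.group(1))))
    return grants


def needs_review(path):
    return path in SENSITIVE_FILES or path.startswith(SENSITIVE_PREFIXES)


def audit(reference, candidate):
    """Diff a candidate ROM zip against a reference zip you already trust."""
    ref, cand = inventory(reference), inventory(candidate)
    added = sorted(set(cand) - set(ref))
    removed = sorted(set(ref) - set(cand))
    changed = sorted(p for p in set(ref) & set(cand) if ref[p] != cand[p])
    new_setuid = sorted(setuid_grants(read_script(candidate))
                        - setuid_grants(read_script(reference)))
    return {"added": added, "removed": removed, "changed": changed,
            "review": sorted(p for p in added + changed if needs_review(p)),
            "new_setuid": new_setuid}


# Constructed sample data: a reference build and a build with extra pieces.
REF_SCRIPT = 'set_perm(0, 2000, 0755, "/system/bin/toolbox");\n'
CAND_SCRIPT = REF_SCRIPT + 'set_perm(0, 0, 06755, "/system/xbin/helper");\n'
REFERENCE_ZIP = make_zip({
    "boot.img": b"kernel-build-A",
    "system/bin/toolbox": b"toolbox",
    "system/app/Browser.apk": b"browser",
    "system/media/bootanimation.zip": b"anim-1",
    UPDATER_SCRIPT: REF_SCRIPT.encode(),
})
CANDIDATE_ZIP = make_zip({
    "boot.img": b"kernel-build-B",
    "system/bin/toolbox": b"toolbox",
    "system/app/Browser.apk": b"browser",
    "system/app/Updater.apk": b"update-agent",
    "system/xbin/helper": b"helper",
    "system/media/bootanimation.zip": b"anim-2",
    UPDATER_SCRIPT: CAND_SCRIPT.encode(),
})

if __name__ == "__main__":
    for key, value in audit(REFERENCE_ZIP, CANDIDATE_ZIP).items():
        print(f"{key}: {value}")
```

A diff like this only narrows down where to look: a changed `boot.img` still has to be unpacked and inspected, and it says nothing about a build whose reference copy was never trustworthy.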

PDroid in Note ROMs

So, being paranoid about my personal data, I looked into PDroid. Apparently, it requires a custom patch for every ROM that then needs to be flashed before the actual PDroid can be installed.
Is this software worthwhile? Would any ROM devs consider this worthy of baking the required custom patch into their ROMS or is it too much trouble for too little value or interest?
Being new to Android and having never used said software, my interest here is generating some discussion about whether such security packages and attempts are actually effective and valuable or are they more trouble or more an individual responsibility?
My thought was PDroid with Droidwall would be the best approach to ensuring the maximum security possible. Thoughts?
Looks like a cool idea but I wonder what the ramifications would be. I bet you lose a lot of the functionality of the apps if you block what they need. I actually think we might all be just a little too paranoid anyway.

android security issues and patches

I have wondered on and off occasionally what happens if a security issue happens with the android OS.
Currently as we all know android is incredibly fragmented, mainly due to a system where the phone vendors roll out updates at their own leisure and google upgrading the OS at a very fast pace. Combination of the two equals fragmented userbase. But I have never seen an update for android on any version stated to fix a security issue.
Then I read this article.
http://www.bbc.co.uk/news/technology-23431281
It mentions manufacturers have yet to pass on the patch, which is no surprise as here in the UK the phones that still do get updates tend to be 12 months behind Google's updates (unless a new model on market), which is a deliberate policy so people buy a new phone to get new Android.
Does anyone here know which Android versions are affected and if custom roms have it patched?
chrcol said:
I have wondered on and off occasionally what happens if a security issue happens with the android OS.
Currently as we all know android is incredibly fragmented, mainly due to a system where the phone vendors roll out updates at their own leisure and google upgrading the OS at a very fast pace. Combination of the two equals fragmented userbase. But I have never seen an update for android on any version stated to fix a security issue.
Then I read this article.
http://www.bbc.co.uk/news/technology-23431281
It mentions manufacturers have yet to pass on the patch, which is no surprise as here in the UK the phones that still do get updates tend to be 12 months behind Google's updates (unless a new model on market), which is a deliberate policy so people buy a new phone to get new Android.
Does anyone here know which Android versions are affected and if custom roms have it patched?
If you're rooted (which I assume seeing your signature) you're safe.
Also read this: http://www.androidcentral.com/making-sense-latest-android-security-scare
Well, it doesn't say you're safe if rooted, it just says you have bigger security concerns to worry about so don't worry about this.
So in short, if that article is right, it's been a problem since Android 1.6, all that time Google hasn't bothered to patch it, Samsung did their own patch but only on the S4, and Android 4.3 is expected to be patched.
In the meantime ensure unknown app sources is disabled.
That's what I get from that article.
Very important thread.
Thanks for posting.
I'm glad I'm rooted
another article.
http://searchnetworking.techtarget....s-Report-Mobile-malware-attacks-grew-over-600
Seems Android is not disclosing the security issues, and it wouldn't surprise me if all the older phones with no updates are full of security holes.
Should Google be backporting security fixes to 2.2.x, 2.1.x etc?
Install Xposed framework and then load the patch module to fix both security exploits, or simply only install well trusted apps
yeah I patched my AOKP now.
looking at this url it seems I can do the same on TW rom also.
http://forum.xda-developers.com/showthread.php?t=2374453

[Q] Custom ROM for LG Optimus Vu (P895)

Hi everyone
I have an LG Optimus Vu device and due to LG's tremendous support for this phone, the operating system is still ICS and the kernel version is 2.6.39 (even the I/O scheduler for this phone is set to noop, and there aren't any alternatives :| ). It could be all good and well if there aren't hundreds of crashes appearing every day about different applications, which is driving me crazy. I've searched and searched and it seems that there are no custom ROMs for this phone, nor is there any custom recovery application. I could barely find an application to root this phone.
To get to the point: I'm considering making a custom ROM for this phone, but I am a noob in this kind of stuff.
I have the kernel source and the original ROM zip file. Since the original OS version is 4.0.4, is it possible to bring the required proprietary drivers from the original and use it in a newer Android version like 4.4.x?
Can I use Google's recent Tegra 3 kernel (3.10) and port those LG specific drivers from the older kernel?
Am I even starting this process in the correct way?
Any help is appreciated.
set-0 said:
Hi everyone
I have an LG Optimus Vu device and due to LG's tremendous support for this phone, the operating system is still ICS and the kernel version is 2.6.39 (even the I/O scheduler for this phone is set to noop, and there aren't any alternatives :| ). It could be all good and well if there aren't hundreds of crashes appearing every day about different applications, which is driving me crazy. I've searched and searched and it seems that there are no custom ROMs for this phone, nor is there any custom recovery application. I could barely find an application to root this phone.
To get to the point: I'm considering making a custom ROM for this phone, but I am a noob in this kind of stuff.
I have the kernel source and the original ROM zip file. Since the original OS version is 4.0.4, is it possible to bring the required proprietary drivers from the original and use it in a newer Android version like 4.4.x?
Can I use Google's recent Tegra 3 kernel (3.10) and port those LG specific drivers from the older kernel?
Am I even starting this process in the correct way?
Any help is appreciated.
Hate to be the bearer of bad news, but you're pretty much stuck. LG has locked the bootloader on it and has said they have no plans on unlocking it. Since the phone is around a year and a half old or older, I'd imagine they aren't going to change their minds all of a sudden for the relatively small amount of people still using the phone.
http://forum.xda-developers.com/showthread.php?t=2055272 - discussion about your phone here
FYI
What is a bootloader?
The bootloader is the first thing that starts up when a phone is turned on. At its most basic level, a bootloader is the low-level software on your phone that keeps you from breaking it. It is used to check and verify the software running on your phone before it loads. Think of it like a security guard scanning all the code to make sure everything is in order. If you were to try to load software onto the phone that was not properly signed by the device vendor, the bootloader would detect that and refuse to install it on the device.
When we speak about locked bootloaders, the context is often used to give meaning to the term “locked.” Almost all phones ship from the factory with locked bootloaders, but some are encrypted as well. It is this encryption that most reports are referring to when using the term “locked.” If a bootloader is encrypted, users can’t unlock it to load custom software of any sort. The device will be restricted to running software ROMs provided by the manufacturer.
Now, there are ways to unlock or circumvent bootloaders in special situations, but with ones that have no dev support like yours, it's pretty much a lost cause and most likely way beyond your capabilities to figure out without spending 100s of hours of learning about Android stuff. This is not a knock on you or anything of the sort, but it is what it is. It is a very difficult thing to figure out encrypted bootloaders even for the most experienced android developers and hackers and depending on how they are encrypted, there just might not be a way (ask the older Moto phones, especially from VZW).
es0tericcha0s said:
Hate to be the bearer of bad news, but you're pretty much stuck. LG has locked the bootloader on it and has said they have no plans on unlocking it. Since the phone is around a year and a half old or older, I'd imagine they aren't going to change their minds all of a sudden for the relatively small amount of people still using the phone.
...
Now, there are ways to unlock or circumvent bootloaders in special situations, but with ones that have no dev support like yours, it's pretty much a lost cause and most likely way beyond your capabilities to figure out without spending 100s of hours of learning about Android stuff. This is not a knock on you or anything of the sort, but it is what it is. It is a very difficult thing to figure out encrypted bootloaders even for the most experienced android developers and hackers and depending on how they are encrypted, there just might not be a way (ask the older Moto phones, especially from VZW).
Two thumbs up for the detailed reply.
Shame really. The phone was released in November 2012 but there wasn't a single OS update...
I guess I would have to give up on that, but I'm interested in system level developments for both Android and desktop systems. Any idea where to start?
set-0 said:
Two thumbs up for the detailed reply.
Shame really. The phone was released in November 2012 but there wasn't a single OS update...
I guess I would have to give up on that, but I'm interested in system level developments for both Android and desktop systems. Any idea where to start?
Yea, it does suck. That's one of the downfalls to making 8 million different phones. You have no incentive ($$$), no interest, and no manpower to be able to update them all in a reasonable fashion. But it's not like LG is alone. All of the manufacturers have had decent phones just...disappear in regards to updates or anything of the sort.
As far as getting started, there is a ton of info right here on XDA:
http://xda-university.com/
Modify hashes?
Hi!
Sorry for digging out a dead thread, but for the p895 probably all threads are more or less dead...
I wonder if it is really necessary to decrypt the bootloader. Since it must be able to boot different versions of the stock roms, it would probably only calculate a hash value of some files and compare that to a value stored elsewhere.
By comparing different versions of stock roms it might be possible to get some information about what files are hashed. If it is a standard hash algorithm and the comparison value the bootloader uses is stored in plain text (hope....!) there might be an attack vector in comparing several known plain texts.
I also noticed that the p895 has a "software integrity check" in the hidden menu that shows hash values for some (a lot) of files. These hash values are likely already calculated when entering that menu option (I am pretty certain because they show immediately), so they might belong to the files checked at boot time and also hint to the hash algorithm used.
The idea is to calculate a hash value for the custom rom and put it in the appropriate place so the bootloader thinks of the rom as an update.
These are just vague ideas, but I have no intention whatsoever to buy a new phone anytime soon and I guess I could as well spend "some" time tinkering and learning the tech details...
thank you!

I plan on getting the V10 tomorrow

Well, I planned on getting the V10 tomorrow, and out of excitement I was going to look up how the dev was on XDA. Disappointingly, there seems to be very little development. Is there a particular reason, or should I get a different phone?
I'm actually thinking the same exact thing. Plan on getting this phone this weekend with Jump on Demand from an S6
Development is down on all devices..and for many reasons:
1. Much greater security in Lollipop and Marshmallow
2. With all the customizations available and features included on new phones developers are losing the desire to make ROMs
Between layers and Xposed most users can make their phones do what they want
3. Manufacturers and Carriers locking bootloaders and making root very difficult and anything other than flavors of stock impossible
Security is the new thing that sells phones...these are people's personal assistants now with their entire lives and financial business on them.
With all the features included on new phones these days, including theme engines, for most people just having root is enough. And for some devices there is not even root.
Best advice? Look towards a Nexus device...unlockable, rootable and works on all carriers.
What kind of development do you want exactly? Between root and all the Xposed modules available, there really is no more need for custom ROMs. For the V10, P_Toti's G4TweaksBox takes care of 95% of things people would want to change, and you can accomplish the rest with Xposed.
When the phone stops doing what you want (i.e. when it's end of life and thus isn't supported by the OEM), then is the time to worry about romming, but honestly, by the time a device is end of life, it's usually time to get a new phone anyways... Android is to the point now that other than modifying things layout-wise, there's no reason to rom... as has been said numerous times, between Xposed and the way Android is, and manufacturer skins as well, there's no point anymore.
