Stagefright...from theory to application - Xperia Z3v General

Stagefright exploit reliably attacks Android phones
"Security researchers at NorthBit have developed a proof-of-concept Stagefright exploit, Metaphor, that reliably compromises Android phones."....
"It sounds laborious, but it works quickly: a typical attack breaks into a phone within 20 seconds. "
Bless their curious hearts. Kind of reminds me of an old joke...What is the number one cause of death in lab rats? Researchers.

Komet1 said:
Stagefright exploit reliably attacks Android phones
"Security researchers at NorthBit have developed a proof-of-concept Stagefright exploit, Metaphor, that reliably compromises Android phones."....
"It sounds laborious, but it works quickly: a typical attack breaks into a phone within 20 seconds. "
Bless their curious hearts. Kind of reminds me of an old joke...What is the number one cause of death in lab rats? Researchers.
good thing you're patched on the z3v for stagefright 1,2,3 till stagefright 4 comes out. lol

Tigerhoods said:
good thing you're patched on the z3v for stagefright 1,2,3 till stagefright 4 comes out. lol
It's an arms race for sure.

Related

Theories on the HTC delay...

Here is a thought. Is it possible that HTC is trying to engineer a solution that gives them the ultimate out? Is it possible that they will be engineering an unlock that sprint then has full control over? I.E. Sprint would then be able to go in and relock at will? This way HTC gets to say they are releasing their products unlocked but the carriers are controlling it?
I would imagine they would have just as many pissed off customers, but perhaps they are willing to take that risk? It is just a theory... so I don't even know if that is possible.
But I just can't think of why this could possibly take them this long. It would take half of a work day to prep the unlock and put it up on their website for download.
Anyone else have thoughts on that theory? Or perhaps you have other conspiracy theories to offer?
Possibly because it's not their number 1 priority? I'm sure they'll keep their promise, I just doubt it's at the very top of their list of things to do.
Jye75 said:
Possibly because it's not their number 1 priority? I'm sure they'll keep their promise, I just doubt it's at the very top of their list of things to do.
Exactly. In less than a week 2 updates have been pushed OTA to fix various bugs. Their priorities are obviously making sure the phone is working properly before allowing users to unlock them and rightfully so. This has all been so dramatic and if you look at their FB page it's quite ridiculous how people are responding. HTC will get this done but there are more important issues to address first.
Perhaps they are waiting to see if the angry masses are bluffing.
Mine was returned. Simple reason is this... Better devices are a few months away that won't have locked bootloaders.
So bye bye EVO3d, me and my money will go elsewhere (nexus prime)
Sent from my PC36100 using XDA Premium App
We all know that when unlocking and rooting there is a risk that you may get bricked, I'm pretty sure their biggest objective is to make sure anything they give us doesn't result in a bunch of paperweights that need to be replaced for free... That's not good business for them
Bussin Caps from my 3D shooter
Another thing, they are probably looking to find a universal way to unlock all of the phones that have just released too... Just a thought..prolly not the case though
Bussin Caps from my 3D shooter
I'd rather them fix the bugs first (like the new text message notification bug) and then unlock the device for us.
captblaze said:
Perhaps they are waiting to see if the angry masses are bluffing.
Mine was returned. Simple reason is this... Better devices are a few months away that won't have locked bootloaders.
So bye bye EVO3d, me and my money will go elsewhere (nexus prime)
Sent from my PC36100 using XDA Premium App
Interesting that you even purchased the device in the first place... It was widely known that the bootloader was locked when the phone was released.
mlin said:
Exactly. In less than a week 2 updates have been pushed OTA to fix various bugs. Their priorities are obviously making sure the phone is working properly before allowing users to unlock them and rightfully so. This has all been so dramatic and if you look at their FB page it's quite ridiculous how people are responding. HTC will get this done but there are more important issues to address first.
This makes no sense at all. They could easily kill two birds with one stone and unlock during one of the OTAs to fix a bug. We don't need bugs fixed before the unlock. The reality is that once it is unlocked, our devs will take care of bugs in much shorter order than they (HTC) will. And in reality, once rooted, I will probably eliminate half of the bloatware that contains the bugs. So there will be nothing for me (and many others) to fix at that point.
The reality is that this is a simple task. They merely need to hand over the key. The fact that they are stalling leads me to believe they have sinister plans.
I think they are waiting to release enough bug fixes to get a pulse on their new hardware. They don't want rooting to complicate the picture: they'll never know whether the problems are caused by rooting or legit bugs. So I think they'll do one of two things:
(1) Unlock the phone in the next OTA in the next few days. They may have the unlock ready but they are tidying up some final bug fixes in the SAME OTA.
(2) They want to release one more OTA before they unlock... so it may not be in the next one but will likely be in the following.
That's my guess.
Mike
edufur said:
This makes no sense at all. They could easily kill two birds with one stone and unlock during one of the OTAs to fix a bug. We don't need bugs fixed before the unlock. The reality is that once it is unlocked, our devs will take care of bugs in much shorter order than they (HTC) will. And in reality, once rooted, I will probably eliminate half of the bloatware that contains the bugs. So there will be nothing for me (and many others) to fix at that point.
The reality is that this is a simple task. They merely need to hand over the key. The fact that they are stalling leads me to believe they have sinister plans.
yes our devs could squash bugs quicker, but our devs also aren't liable.. if HTC releases an update that unlocks all of our phones, and the next day they all brick, due to a rush, then we all get free phones.. our devs rush a release of something and it bricks, oops, your bad for flashing it.. so it makes sense that they would want this tested, as well as they should make sure the phone is working properly before they unlock it.. it will be unlocked, just give it time.. if they unlock it today, and something screws up, we will all jump on the "HTC sucks for screwing up my device train"..
I think people are just being way too paranoid. I mean, it's not even been a week since the phone's been released!
Sometimes, it's best to use separate stones to kill two birds. XDA developer bug fixes may not be in alignment with future HTC updates. Granted, you'd be rooted, but if it means having to completely redo bug fixes that should have been fixed already, when updating any new roms from HTC, you're doing twice the work.
edufur said:
This makes no sense at all. They could easily kill two birds with one stone and unlock during one of the OTAs to fix a bug. We don't need bugs fixed before the unlock. The reality is that once it is unlocked, our devs will take care of bugs in much shorter order than they (HTC) will. And in reality, once rooted, I will probably eliminate half of the bloatware that contains the bugs. So there will be nothing for me (and many others) to fix at that point.
The reality is that this is a simple task. They merely need to hand over the key. The fact that they are stalling leads me to believe they have sinister plans.
Really? No sense, huh? This unlock is more than the snap of a finger, it takes time. That said, push bug fix updates AQAP and don't delay them by trying to bundle in the bootloader unlock. More people want a phone that works than the number that care about the bootloader. Of course they don't want to release their private key, they want to just release an OTA unlock that does not reveal their key at all. If this still doesn't make sense to you then I won't even bother responding to you next time because we obviously think in very different ways and there is no more I can say to try to explain this.
mlin said:
Really? No sense, huh? This unlock is more than the snap of a finger, it takes time. That said, push bug fix updates AQAP and don't delay them by trying to bundle in the bootloader unlock. More people want a phone that works than the number that care about the bootloader. Of course they don't want to release their private key, they want to just release an OTA unlock that does not reveal their key at all. If this still doesn't make sense to you then I won't even bother responding to you next time because we obviously think in very different ways and there is no more I can say to try to explain this.
Actually, if you think about it, what is the point of guarding the key? If it is going to be unlocked, it is unlocked. The key to lock it isn't important anymore. If they want to lock future devices (which they said they don't), they could just create a new key.
In fact, the least risky thing for them to do would be to publish the key and tell people they get no warranty if they unlock it themselves... and that it would only be warrantied if they had a sprint rep do it.
There are so many ways they could do it fast and do it right. There is no excuse for the delay.
edufur said:
Actually, if you think about it, what is the point of guarding the key? If it is going to be unlocked, it is unlocked. The key to lock it isn't important anymore. If they want to lock future devices (which they said they don't), they could just create a new key.
In fact, the least risky thing for them to do would be to publish the key and tell people they get no warranty if they unlock it themselves... and that it would only be warrantied if they had a sprint rep do it.
There are so many ways they could do it fast and do it right. There is no excuse for the delay.
100% Agreed.
Releasing 'just the key' would also keep the barrier to entry relatively high. There are now thousands (tens of thousands? hundreds of thousands?) of people who have learned about 'root and bootloader thing' who are going to want in, even though they will not understand it...too easy of a solution and there will be bricks left and right even though it is not just easy to avoid a brick it is damn hard to achieve one...don't flash the wrong phone's radio, gotcha....(why not crypto-sign those, but I digress)
Not to mention that every single day that ticks past that we do not have root we are losing developers. The evo4g had this utterly amazing community behind it because the phone had buzz, it was delivered on time, it has awesome hardware and IT WAS ROOTED A WEEK OR TWO BEFORE RELEASE....I rooted mine in the radio shack parking lot on release day at 5:30am....we had mods later that day, roms later that week....this smart-phone business is fast-paced...sure, a lot of people are saying 'Just be patient', but, our community (that is currently just a rampaging mob) hasn't even formed yet and the time is ticking, more compelling devices are weeks away--WITHOUT LOCKS....if we get unlocked in 2 months, well, it won't be anything like the evo4g scene.
I will return my phone on the 23rd of July....Why did I buy it knowing full well it would be locked? They said it would be unlocked, and if done in a reasonable amount of time (which I believe 29 days to be) it is a device I would want and that would be a community I would want to be a part of...but that window is closing, constantly. I love the phone, but, I'm following the developers...screw the companies. They are supposed to work towards OUR satisfaction.
I'd bet it's delayed because they are building in some kind of mind control function.
yep, that's my guess HTC is trying to turn us into zombies.
that or maybe it just takes time for the EVO 3D team to code it and all the bug fixes as well.
but I'm pretty sure it's the zombie thing.
Alanmw86 said:
I'd bet it's delayed because they are building in some kind of mind control function.
yep, that's my guess HTC is trying to turn us into zombies.
that or maybe it just takes time for the EVO 3D team to code it and all the bug fixes as well.
but I'm pretty sure it's the zombie thing.
+1 zombies makes total sense
Now available in 3D
Alanmw86 said:
that or maybe it just takes time for the EVO 3D team to code it and all the bug fixes as well.
The only time it takes to release the key is the time it takes for them to post it. 1 hour max. Well worth it to stop the bad PR spam they are getting on their FB wall.
Ok, I am not trying to be ignorant but is it really that important to have root so fast? I always wanted to root my phone but never did because I was under the assumption that most roms did not fully work completely. Like some couldn't record video or the 4g wasn't working or some other key features didn't work. Like I said I am just assuming and could totally be wrong.

Crazy as idea...use our old devices for shared computation

Guys and Gals, we have been struggling with unlocking the S4 Bootloader for well over a year. I stay current with where our progress is. I'm not a developer and I know this is a crazy suggestion but what have we got to lose?
Why don't we pool our old devices and use OpenCL (or similar) to tap into our phone GPUs and try a targeted attack on our bootloader? Yes, I know, I know it will take a billion years for a million supercomputers to brute force the SHA1 key. But headway has been made in the last year in finding ways to target attacks on SHA1. I'm not saying it will be easy...it won't. Hell, I don't even know how to get started but that's why I bring the request to you guys. I have 2 or 3 old devices....we all do. Plus if we continue this then every year each of us is adding a device to the computational network.
I know there will be many "nay-sayers" so don't post with negativity. If you are interested and want to contribute then post and let me know.
@Surge1223 @joshuabg @ryanbg @NighthawkXL @RuggedHunter @SamuriHL
I like the idea but this could take a very long time, but there is a chance that one of the first keys we gen is the right key. And why exactly did you mention me?
Sent from my OtterX running AICP using Tapatalk
Why utilize under powered devices?
http://www.infosecurity-magazine.com/news/sha-1-crypto-protocol-cracked-using-amazon-cloud/
I'm going to bow out, though, as I'd only be one of the naysayers on this.
joshuabg said:
I like the idea but this could take a very long time, but there is a chance that one of the first keys we gen is the right key. And why exactly did you mention me?
Sent from my OtterX running AICP using Tapatalk
Because you keep up with the threads on our bootloader, so I figured you would have some interest.
SamuriHL said:
Why utilize under powered devices?
http://www.infosecurity-magazine.com/news/sha-1-crypto-protocol-cracked-using-amazon-cloud/
I'm going to bow out, though, as I'd only be one of the naysayers on this.
Because they are free. Our community doesn't have a good track record for paying for research and development to benefit themselves directly, much less benefit the greater good. I didn't post to claim I have THE answer...I posted with a crazy ass idea which I hoped would spark some ingenuity in others. Anyway, thanks for the link and thanks for being honest.
Hash Collisions
Finding a hash collision isn't like bruteforcing a password. It's (very basically) finding another file that has the same hash. It's not so much guessing the 'password' as it is hoping that mathematical computation outputs the same hash as another file, by sheer chance. There are academic and private researchers who have been working on this for years, with exponentially more processing power and resources than we could ever hope to see. While I admire your will to find a solution, this won't be happening for us. Your efforts are more fruitful by calling Samsung/Verizon/AT&T and complaining, leaving feedback, and doing it relentlessly. I call/email/chat with Samsung and Verizon on a daily basis, leaving feedback and asking to have my bootloader unlocked. If enough fuss is made, they may come around. Verizon and AT&T are the main targets, I just call Samsung when Verizon gets sick of hearing me.
To put it into perspective, you have a greater chance of winning the powerball 100 times, and getting hit by lightning every time you go to collect your prize.
Even today's most basic quantum computers that are being developed could theoretically take years to crack SHA1 (when used properly), granted it could do it in much less time than any Von Neumann machine could do. But nonetheless it's unrealistic to use this as a method to crack encryption. You'd have a better chance getting the NSA to provide the info on backdoors they have (assuming the Snowden leaks are true) that they have broken nearly all modern encryption by providing researchers with a flawed RNG.
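An added example, not part of any post in this thread: it measures the difference the "Hash Collisions" post points at, on SHA-1 truncated to 16 bits so both searches finish quickly. It assumes the boot check compares a digest of the image against a fixed signed value (the thread does not describe the actual scheme); all message strings and function names are constructed for the demo.

```python
"""Collision search vs. second-preimage search on a truncated SHA-1.

Constructed demo: the digest is cut to 16 bits so both searches finish
in about a second. Real SHA-1 has 160 bits.
"""
import hashlib

TOY_BITS = 16  # toy size chosen for the demo, not a parameter of any device


def toy_digest(data: bytes, bits: int = TOY_BITS) -> int:
    """Return the first `bits` bits of SHA-1(data) as an integer."""
    full = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return full >> (160 - bits)


def find_collision(bits: int = TOY_BITS):
    """Birthday search: the searcher is free to choose BOTH messages.

    Returns (msg_a, msg_b, hashes_computed).
    """
    seen = {}
    # 2**bits + 1 distinct inputs guarantee a repeat (pigeonhole).
    for i in range((1 << bits) + 1):
        msg = b"free-choice-%d" % i
        digest = toy_digest(msg, bits)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg
    raise AssertionError("unreachable: pigeonhole guarantees a repeat")


def find_second_preimage(signed_image: bytes, bits: int = TOY_BITS,
                         limit: int = 1 << 21):
    """Search for a different message matching ONE fixed digest.

    This is the situation when the digest of the vendor's image is
    already signed: only the second message can be varied.
    Returns (candidate or None, hashes_computed).
    """
    target = toy_digest(signed_image, bits)
    for i in range(limit):
        candidate = b"modified-image-%d" % i
        if candidate != signed_image and toy_digest(candidate, bits) == target:
            return candidate, i + 1
    return None, limit


def average_second_preimage_work(n_targets: int = 8, bits: int = TOY_BITS):
    """Average hash count over several constructed 'signed images'."""
    total = 0
    for t in range(n_targets):
        _, work = find_second_preimage(b"signed-image-%d" % t, bits)
        total += work
    return total / n_targets


def generic_work(bits: int):
    """Generic hash counts with no cryptanalytic shortcut:
    (collision ~ 2^(bits/2), second preimage ~ 2^bits)."""
    return 1 << (bits // 2), 1 << bits


if __name__ == "__main__":
    a, b, tries = find_collision()
    print("collision after", tries, "hashes:", a, b)
    print("average second-preimage work:", average_second_preimage_work())
    coll, pre = generic_work(160)
    print("full SHA-1, generic: collision 2^80 =", coll,
          "second preimage 2^160 =", pre)
```

Published SHA-1 collision results concern the first kind of search, where both inputs are chosen freely; matching a digest that is already fixed is the second kind, and its cost grows as 2^n rather than 2^(n/2).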

Exploitable hack needs an update to be seriously pushed

http://www.xperiablog.net/2015/08/0...ty-fix-heading-to-xperia-z-series-this-month/
This is to confirm Sony will be pushing out an update to protect their Z series phones first from this Stagefright problem that involves hacking our Androids with simply an MMS. The issue for us is that we still haven't had Lollipop on our phones for this long. Will this patch update take Verizon a hell of a lot longer before they even give us our deserved update? Because this is a serious issue that must be addressed.
I've also attached a screenshot from the analysis app for my Z3v, and we're definitely vulnerable...
Sent from my D6708 using XDA Free mobile app
we are ****ed
Watch vzw give us a patch without 5.1...
Old news Vzw is a terrible carrier
Not only stagefright but now certifi-gate, and certifi-gate you need to update the whole OS to fix it, so maybe we will finally get Lollipop, but wouldn't hold your breath.
I feel like a duck sitting on a pond surrounded by hunters, being a sitting duck I don't like.
SO LETS SEE HOW VZW PROTECTS THEIR NETWORK NOW!
Will VZW patch or will VZW not?
The quick fix solutions I have found so far in credits to Android Authority is to either download Textra for your messaging app, or disable auto downloading of MMS attachments on your messaging app.
To do that on our phones, go to stock Messaging app, Settings, then scroll down to uncheck Auto MMS Retrieval.
GigaSPX said:
The quick fix solutions I have found so far in credits to Android Authority is to either download Textra for your messaging app, or disable auto downloading of MMS attachments on your messaging app.
To do that on our phones, go to stock Messaging app, Settings, then scroll down to uncheck Auto MMS Retrieval.
Good tip, did that yesterday to mine and my wife's phone after reading the exploit news.
Be careful, any MMS can have the exploit attached.
Forgot to add, I disabled "Hangouts" too, I think it is affected too.
I was on my phone and went to xda news and saw the pushbullet article. I click on comments and get a redirection with a mess of ads and an android message talking about being infected....wth xda!!!
1linuxfreak said:
Not only stagefright but now certifi-gate, and certifi-gate you need to update the whole OS to fix it, so maybe we will finally get Lollipop, but wouldn't hold your breath.
I feel like a duck sitting on a pond surrounded by hunters, being a sitting duck I don't like.
SO LETS SEE HOW VZW PROTECTS THEIR NETWORK NOW!
Will VZW patch or will VZW not?
Where are you reading that you need to update the whole OS to patch Certifi-gate? Read this article, particularly the quote from the google spokesperson. http://www.zdnet.com/article/androcertifi-gate-remote-access-security-hole-malware-seen-in-the-wild/
BladeRunner said:
Where are you reading that you need to update the whole OS to patch Certifi-gate? Read this article, particularly the quote from the google spokesperson. http://www.zdnet.com/article/androcertifi-gate-remote-access-security-hole-malware-seen-in-the-wild/
Took you long enough to try and disprove me.
Do some reading you will find it. It is a problem with a layer in the OS, I had the information before the Black Hat conference.
1linuxfreak said:
Took you long enough to try and disprove me.
Do some reading you will find it. It is a problem with a layer in the OS, I had the information before the Black Hat conference.
I did read, couldn't find anything to support what you are saying but did find what I linked. If you have something else feel free to share with the rest of us. Kind of a moot point to me really as I am on my Nexus 6, which apparently isn't vulnerable.
That's okay I'm fine with being right don't have to prove it to you.
1linuxfreak said:
That's okay I'm fine with being right don't have to prove it to you.
you have something against sharing with the community?
BladeRunner said:
you have something against sharing with the community?
Your name is "community"?
Pleasure to meet you Community.
If you have Nexus 6 and are not at risk, are you just here to gloat and point fingers at us and laugh? Not very friendly.
1linuxfreak said:
Your name is "community"?
Pleasure to meet you Community.
If you have Nexus 6 and are not at risk, are you just here to gloat and point fingers at us and laugh? Not very friendly.
Who's pointing fingers and laughing? There is a community of users here that could benefit from the information you have if you'd share it. I only asked where you got your information from as the information I had seemed to imply something different.
BladeRunner said:
Who's pointing fingers and laughing? There is a community of users here that could benefit from the information you have if you'd share it. I only asked where you got your information from as the information I had seemed to imply something different.
If you know as much as you imply you would already know what I know and there would be no need for further discussion.
So as far as you are concerned the scare is over. Patches are out everything is fine. At least with your Nexus 6.
I will not post up something that is available on the inter web and you can find yourself. LAZY! Wait you may not get it right so here --
"Android-based mobile devices are under threat from yet another major security vulnerability and this time a simple download patch won’t fix it. Making smartphones and tablets safe against the new 'bug', dubbed Certifi-gate, will reportedly require a rewrite of the underlying software, leaving most mobile devices vulnerable until a new operating system version is released." -- there copy and paste this into your browsers search window or highlight and right click and do "Search Google" for this. Wait here -- https://www.google.com/search?q=certifi-gate+requires+a+OS+rewite&ie=utf-8&oe=utf-8#q=certifi-gate+requires+a+OS+rewrite
since you can't do it yourself.
Please go away now troll.
1linuxfreak said:
If you know as much as you imply you would already know what I know and there would be no need for further discussion.
So as far as you are concerned the scare is over. Patches are out everything is fine. At least with your Nexus 6.
I will not post up something that is available on the inter web and you can find yourself. LAZY! Wait you may not get it right so here --
"Android-based mobile devices are under threat from yet another major security vulnerability and this time a simple download patch won’t fix it. Making smartphones and tablets safe against the new 'bug', dubbed Certifi-gate, will reportedly require a rewrite of the underlying software, leaving most mobile devices vulnerable until a new operating system version is released." -- there copy and paste this into your browsers search window or highlight and right click and do "Search Google" for this. Wait here -- https://www.google.com/search?q=certifi-gate+requires+a+OS+rewite&ie=utf-8&oe=utf-8#q=certifi-gate+requires+a+OS+rewrite
since you can't do it yourself.
Please go away now troll.
wow, I really feel that was completely uncalled for.
BladeRunner said:
wow, I really feel that was completely uncalled for.
Really bro and what you did to me was kosher? Alrighty then!
Should have left it alone, I all but begged you to drop it.
So now I am wrong for sharing, really?
1linuxfreak said:
Really bro and what you did to me was kosher? Alrighty then!
Should have left it alone, I all but begged you to drop it.
So now I am wrong for sharing, really?
What, exactly, did I "do to you"? Wrong for sharing? Absolutely not. It's what I wanted from the beginning. Wrong for personally attacking by calling me lazy and a troll. Absolutely, I am neither, thank you very much.
This thread was on its way down the list but I just had to wake it up......

V30 Launching Vulnerable To Krack Attack ?

The news on the Wi-Fi Krack Attack says it was discovered a few months ago, but an Android patch won't come until November 2017 security update?
So the V30 is launching with this huge Wi-Fi security vulnerability, probably not to be patched for several months or more (if ever)?
That might be enough to give many potential buyers pause, waiting on the patch. If so, discounts might ramp sooner and steeper.
Anybody have any info to offer regarding V30 and Krack Attack?
TIA...
It's a lot more hype and hysteria than anything .... IMO
Unless you go door to door visiting wifi services, it's nothing to lose sleep over.
Tinkerer_ said:
The news on the Wi-Fi Krack Attack says it was discovered a few months ago, but an Android patch won't come until November 2017 security update?
So the V30 is launching with this huge Wi-Fi security vulnerability, probably not to be patched for several months or more (if ever)?
That might be enough to give many potential buyers pause, waiting on the patch. If so, discounts might ramp sooner and steeper.
Anybody have any info to offer regarding V30 and Krack Attack?
TIA...
Good grief dude. This vulnerability exists on every single phone that's got Android 6 or higher (plus just about every device, not even just phones) which means every single phone launched in the past two years. So if you bought an Android phone since then (or anything that connects to wifi for that matter), you're already vulnerable and have been for a while. I'll reiterate, every device that connects via wifi is vulnerable. All of them.
But there's really great news. The V30. It's a cellphone. It has cellular data radios built in. In fact, my data speeds across my cell network are faster than across any wifi point I connect to. Which is to say, I have zero reason to connect my phone to a wifi point.
If you are using a laptop, desktop, or whatever, you have more reason to worry about those.
CHH2 said:
Good grief dude. This vulnerability exists on every single phone that's got Android 6 or higher (plus just about every device, not even just phones) which means every single phone launched in the past two years. So if you bought an Android phone since then (or anything that connects to wifi for that matter), you're already vulnerable and have been for a while. I'll reiterate, every device that connects via wifi is vulnerable. All of them.
But there's really great news. The V30. It's a cellphone. It has cellular data radios built in. In fact, my data speeds across my cell network are faster than across any wifi point I connect to. Which is to say, I have zero reason to connect my phone to a wifi point.
If you are using a laptop, desktop, or whatever, you have more reason to worry about those.
Thanks for more "ready-fire-aim" snark, CHH2.
The point is this: Since we all know that most existing Android phones are vulnerable to Krack, it might occur to (some of) us that we should look to our next new phone to NOT have this vulnerability.
Especially given the abysmal (to nonexistent) performance of security updates provision for most phones after the sale. (Except for Apple, Google, Samsung... am I missing any? LG sux at this too, correct?)
And further, because rooting makes OTAs (including those to get security patches) a time-consuming hassle with added risk, after the sale.
Thanks in advance to any who can offer info about the original question.
...
Tinkerer_ said:
The news on the Wi-Fi Krack Attack says it was discovered a few months ago, but an Android patch won't come until November 2017 security update?
So the V30 is launching with this huge Wi-Fi security vulnerability, probably not to be patched for several months or more (if ever)?
That might be enough to give many potential buyers pause, waiting on the patch. If so, discounts might ramp sooner and steeper.
Anybody have any info to offer regarding V30 and Krack Attack?
TIA...
Really?
Good grief...
Really?
steve841 said:
It's a lot more hype and hysteria than anything .... IMO
Unless you go door to door visiting wifi services, it's nothing to lose sleep over.
Maybe. Unless there are "script kiddy" youth nearby with too much idle time and parents buying them too many toys, who like to hack for entertainment.
I think these responses are instructive, about the sort of blasé attitude towards SW/HW faults in general, and security in particular, that lead to nontrivial system flaws and security vulnerabilities like this in the first place.
Also, note that it took a researcher in Belgium, not the US, to discover this defect. Coincidence? (Let's dispense with cute euphemisms like "bug", and call them what they are: Faults, and defects.)
Still hoping for useful info about the issue itself. (How many "good grief"s does it take?)
...
Tinkerer_ said:
Thanks for more "ready-fire-aim" snark, CHH2.
The point is this: Since we all know that most existing Android phones are vulnerable to Krack, it might occur to (some of) us that we should look to our next new phone to NOT have this vulnerability.
Especially given the abysmal (to nonexistent) performance of security updates provision for most phones after the sale. (Except for Apple, Google, Samsung... am I missing any? LG sux at this too, correct?)
And further, because rooting makes OTAs (including those to get security patches) a time-consuming hassle with added risk, after the sale.
Thanks in advance to any who can offer info about the original question.
...
Hey! Look at this! Both my V20 and V30 have the BlueBorne patch! So, no, they do not suck at this. And that's even having to go through the carrier gateway too. And yes, I already offered to information about the original question but just for giggles....
Tinkerer_ said:
Maybe. Unless there are "script kiddy" youth nearby with too much idle time and parents buying them too many toys, who like to hack for entertainment.
I think these responses are instructive, about the sort of blasé attitude towards SW/HW faults in general, and security in particular, that leads to nontrivial system flaws and security vulnerabilities like this in the first place.
Also, note that it took a researcher in Belgium, not the US, to discover this defect. Coincidence? (Let's dispense with cute euphemisms like "bug", and call them what they are: Faults, and defects.)
Still hoping for useful info about the issue itself. (How many "good grief"s does it take?)
...
Risking a hand slap from a mod, you're just an attention whore. Just Google the information like the rest of us did and you'll see why we're all "blase". And what exactly are you trying to infer that it took Belgians to discover this defect? There are labs, developers, companies, and testers around the world constantly poking and prodding at this stuff looking for the next hole because there will always be a next hole. Just like your home, internet security is an illusion, especially when you are connecting to wi-fi. With or without this attack, wi-fi is problematic. And that's why some of us aren't allowed to connect our work computers to wi-fi networks unless they are known entities.
You're too busy running around exclaiming the sky is falling while most of us already know not to stand under certain parts of the sky because that's not the sky falling, that's bird droppings.
Oh, and faults and defects are called bugs in software. That's just how we do things on the software side of things. (And yes, I deal with software and hardware on a daily basis for work.)
I think I understand.
The V30 will have this defect (security vulnerability affecting all wifi) for a lonnng time after launch. Asking about the vulnerability in an XDA forum brings "good grief" and hostile ad hominem in response, rather than relevant info about the issue itself. Textbook hubristic defensiveness.
Maybe the hubristic culture that tries to make everyone think SW defects and security vulnerabilities are OK, is getting a boost from the string of massive security breaches recently, like Equifax and OPM. Who cares about security and privacy, when everything is pwned anyway, right? Just go with the flow, don't even try to secure anything anymore.
Thanks for the information.
Tinkerer_ said:
I think I understand.
The V30 will have this defect (security vulnerability affecting all wifi) for a lonnng time after launch. Asking about the vulnerability in an XDA forum brings "good grief" and hostile ad hominem in response, rather than relevant info about the issue itself. Textbook hubristic defensiveness.
Maybe the hubristic culture that tries to make everyone think SW defects and security vulnerabilities are OK, is getting a boost from the string of massive security breaches recently, like Equifax and OPM. Who cares about security and privacy, when everything is pwned anyway, right? Just go with the flow, don't even try to secure anything anymore.
Thanks for the information.
Way to make up what you want to read. Like I said, LG updated the V20 and V30 for the BlueBorne attack pretty quickly. I suspect that as soon as Android is patched for this, it'll filter down pretty quickly. In the meantime, you can just wear a tinfoil hat to keep the bad rays out. All manufacturers will be working on this and getting fixes out ASAP. After that, it'll be on to the next bug. Because that's how things are in the software world.
CHH2 said:
Hey! Look at this! Both my V20 and V30 have the BlueBorne patch! So, no, they do not suck at this. And that's even having to go through the carrier gateway too. And yes, I already offered information about the original question but just for giggles....
Risking a hand slap from a mod, you're just an attention whore. Just Google the information like the rest of us did and you'll see why we're all "blase". And what exactly are you trying to infer that it took Belgians to discover this defect? There are labs, developers, companies, and testers around the world constantly poking and prodding at this stuff looking for the next hole because there will always be a next hole. Just like your home, internet security is an illusion, especially when you are connecting to wi-fi. With or without this attack, wi-fi is problematic. And that's why some of us aren't allowed to connect our work computers to wi-fi networks unless they are known entities.
You're too busy running around exclaiming the sky is falling while most of us already know not to stand under certain parts of the sky because that's not the sky falling, that's bird droppings.
Oh, and faults and defects are called bugs in software. That's just how we do things on the software side of things. (And yes, I deal with software and hardware on a daily basis for work.)
Agreed.
My 2014 Moto XT1225 -- rooted with Nougat custom ROM -- has BlueBorne patch while Motorola couldn't care less about a 3 year old phone that never got anything past Marshmallow. And next month, when Google releases the security patch for this Krack Attack, I'll be patched for that too!
This is why rooting and custom ROMs will ALWAYS give you the latest security patches, and you don't have to depend on the kindness of OEMs who might take 3 or 4 months to push out something even if you do have a "new" device that still gets updates.
If someone is suggesting to skip the LG V30 because of this, that's really silly.
1) LG will most certainly patch it. Will just take some time. Rooting and custom ROMs are the way to go. You can even get OTA updates with most ROMs nowadays.
2) What happens when the "next big thing" hits? Is that person going to always sell their phone every time out of fear?
^Exactly
Oh look! Someone finally put together an article about why this is such a Chicken Little issue! You'll note that not even the Pixels have the fix and it doesn't really matter.
https://arstechnica.com/gadgets/201...until-december-but-is-that-really-a-big-deal/

Rampage exploit (possible root method?)

So a previous exploit has been found not to be patched correctly and most devices made since 2012 are still vulnerable.
It does require "unknown sources" to be enabled. Since the s8 it's been handled on a case by case basis. So I'm not sure we are even affected.
But still maybe with some tweaking? Idk.
I know we all jump the gun every time an exploit is discovered. But I figured what can it hurt to bring it up?
Here is the article
https://arstechnica.com/information...ves-rowhammer-attack-to-root-android-devices/
It's listed as CVE-2018-9442
There is also a testing app, which seems we are not affected. But still maybe something can be done with it.
They said in the article, and others that I have read, that this exploit may not work on all devices. I am fairly confident that this will be of no use to us.
Scott said:
They said in the article, and others that I have read, that this exploit may not work on all devices. I am fairly confident that this will be of no use to us.
Well, it's how our devices handle unknown sources that is what the "problem" seems to be. This requires it to be allowed at all times. Ours is on a case by case basis. I was wondering if some tweaking could be implemented to get around that?
