ubuntu-phone team mailing list archive

[Oliver Grawert <ogra@xxxxxxxxxx>]

hi,

Am Donnerstag, den 23.04.2015, 14:58 +0200 schrieb Matthias Apitz:
> El día Thursday, April 23, 2015 a las 02:28:17PM +0200, Oliver Grawert escribió:
> 
> > > I did a test and the data was visible in my case for around 7 minutes.
> > > Which sounds short, but for someone who knows the details and how to
> > > save a copy of the ring buffer for further analysis, it's enough time.
> > > 
> > > Thanks for your hint, I'm warned :-)
> > 
> > now you just have to find a way to gain access to that ringbuffer ...
> > which should be impossible on a normal/unhacked phone :) 
> 
> Hi,
> Someone finds within the 7 minutes your unlocked phone on your desk (or
> knows your unlock key from watching over your shoulders); the
> terminal-app is enough on a normal/unhacked phone to copy, first, the
> ring buffer away inside the phone, and later, with more time, SCP the data
> away to its own server via mobile data or Wifi.

the moment you enable ssh i wouldnt call your phone an unhacked phone
anymore ;) 
i'm talking about a normally used phone like my mom would use it ...
without installing a terminal-app, enabling developer mode or ssh ...
since she doesn't know what that is ;)  
if you alter the low level defaults you should be aware that you also
alter security abilities ...

ciao
	oli

Attachment: signature.asc
Description: This is a digitally signed message part