← Back to team overview

ubuntu-phone team mailing list archive

Re: call history && DTMF logging

 

On Thursday, 23 April 2015 14:05:29 BST, Oliver Grawert wrote:
the moment you enable ssh i wouldnt call your phone an unhacked phone
anymore ;) i'm talking about a normally used phone like my mom would use it ...
without installing a terminal-app, enabling developer mode or ssh ...
since she doesn't know what that is ;) if you alter the low level defaults you should be aware that you also
alter security abilities ...

You only need the terminal-app installed to achieve all that. Which can be installed by an attacker in seconds if they have your unlocked phone. As a geek, I have the terminal-app installed, but I don't have developer mode or ssh or anything else enabled.

sudo doesn't require a password, and outgoing ssh is available, so it is fairly trivial to copy the log and upload it somewhere if the phone is unlocked. Particularly as my phone doesn't have a lock enabled, so there is no restriction on time.

And, please don't block ssh in the future. If I was going to use it as an attacker, I could just switch to an http page to upload the data. I don't see how disabling ssh would provide any additional security. But, as a geeky user, being able to ssh to maintain my servers at any time or location is great. That's why I've been using Ubuntu for the past 2 years, to have the power of a full linux system on my phone whenever I need it.


Follow ups

References