| Thread Previous • Date Previous • Date Next • Thread Next |
On Thursday, 23 April 2015 14:05:29 BST, Oliver Grawert wrote:
the moment you enable ssh i wouldnt call your phone an unhacked phoneanymore ;) i'm talking about a normally used phone like my mom would use it ...without installing a terminal-app, enabling developer mode or ssh ...since she doesn't know what that is ;) if you alter the low level defaults you should be aware that you alsoalter security abilities ...
You only need the terminal-app installed to achieve all that. Which can be installed by an attacker in seconds if they have your unlocked phone. As a geek, I have the terminal-app installed, but I don't have developer mode or ssh or anything else enabled.
sudo doesn't require a password, and outgoing ssh is available, so it is fairly trivial to copy the log and upload it somewhere if the phone is unlocked. Particularly as my phone doesn't have a lock enabled, so there is no restriction on time.
And, please don't block ssh in the future. If I was going to use it as an attacker, I could just switch to an http page to upload the data. I don't see how disabling ssh would provide any additional security. But, as a geeky user, being able to ssh to maintain my servers at any time or location is great. That's why I've been using Ubuntu for the past 2 years, to have the power of a full linux system on my phone whenever I need it.
| Thread Previous • Date Previous • Date Next • Thread Next |
