← Back to team overview

ubuntu-phone team mailing list archive

Re: Is ubuntu phone resistant to vault 7 attacks?


On Tue, Mar 7, 2017 at 9:54 PM, Bruce <bruce.griffis@xxxxxxxxx> wrote:
> And I'm thinking "no."
> I am not aware of a firewall being ported to Ubuntu Phone. Perhaps ufw is
> built in, and we just need gufw to configure it?

Are there any network ports open on Ubuntu Touch? What need would the
firewall have
if no network ports are open?
By having snaps it is also possible to have assurance on outgoing
network connections (per snap).

> I'm not aware of anti-virus available for Ubuntu Phone. I know Linux is
> targeted much less, but it is not impervious. And I'm not sure at all how
> you'd watch file sizes and signatures to make sure the phone isn't hacked.

An antivirus these days would MITM your TLS connections (install their
own root certificate)
just to be able to inspect your encrypted traffic. This opens up a can of worms.
In both "click" and snap packages, the installed packages are in file systems
that are read-only.

> At first I thought my Nexus 4 running Ubuntu Touch was much safer than
> android alternatives. Now I know that I was simply trusting it, and did not
> have the tools to know for sure if it was safe. I'm thinking the browser is
> pretty wide open as well. I don't think you can install SSL Everywhere or
> Privacy Badger, and I sure don't think you could run TOR Browser.

Both SSL Everywhere and Privacy Badger are browser add-ons.
It's an issue of being able to run browser add-ons.

SSL Everywhere tries to fix the issue that some important websites
are not configured properly (offer both HTTP and HTTPS for important content).
With HSTS (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
properly configured, there would be no need for such addons.

Privacy Badger is an addon similar to AdBlock Plus.

Regarding Tor, it might be able to snap the whole Tor browser.
I think it is more important to have generic VPN support (already
supported, so that the
mobile device can connect securely to somewhere else
and have that "somewhere else" deal with network protocols.

> There has been a lot of talk about the Ubuntu Touch phone being more secure
> and just saying goodbye to hackers and exploits. I don't see that as a fact,
> though. Can you encrypt the file system? Or could a researcher grab a phone
> and have potentially unlimited attempts at getting at the data?

The facility to encrypt the file system is something doable and will happen
at some point.

With Android and iOS you just can't say what is happening behind the scenes.
You can get some apps that show a cool UI and claim that everything is fine.

The attack surface of Ubuntu Touch is much much smaller.
This is utterly important in terms of security.

Having said that, there are issues in Ubuntu Touch that should be dealt with
once the move to Ubuntu Personal is completed.

In terms of long-term security, having a viable alternative to Android/iOS
is super-critical to an ecosystem of secure mobile devices.


> On 03/07/2017 12:39 PM, Simos Xenitellis wrote:
>> On Tue, Mar 7, 2017 at 5:15 PM, Melvin Carvalho
>> <melvincarvalho@xxxxxxxxx> wrote:
>>> Recently, the CIA lost control of the majority of its hacking arsenal
>>> including malware, viruses, trojans, weaponized "zero day" exploits,
>>> malware
>>> remote control systems and associated documentation. This extraordinary
>>> collection, which amounts to more than several hundred million lines of
>>> code, gives its possessor the entire hacking capacity of the CIA
>>> https://wikileaks.org/ciav7p1/
>>> Mark Shuttleworth has previous said that Ubuntu is strongly resistant to
>>> viruses.
>>> Many reports of Android and IOS targeting, perhaps this is a good reason
>>> to
>>> switch to ubuntu phone?
>> The short answer is Yes.
>> Towards that answer, both Android and iOS are much more complex
>> which does not help you to have a somewhat informed view as to what is
>> going on inside.
>> Simos
> --
> Mailing list: https://launchpad.net/~ubuntu-phone
> Post to     : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ubuntu-phone
> More help   : https://help.launchpad.net/ListHelp

Follow ups