← Back to team overview

ubuntu-phone team mailing list archive

Re: Is ubuntu phone resistant to vault 7 attacks?

 

On 03/09/2017 11:53 AM, Rodney Dawes wrote:
> You used the SDK or phablet-shell tool to connect to the device over
> ssh, which enabled it. It is not enabled by default on phones, even
> when developer mode gets enabled. It also only accepts key based login,
> and a unique key is generated for this when you use the SDK or phablet-
> shell command to connect over ssh.

Aha! Yes - I did indeed use the SDK for development. That makes sense.

> Really, it should be only bound on "local" interfaces, and not the
> cellular modem connection.

+1, and maybe additionally - if SDK/IDE turns it on when it needs it, it 
should also turn it off when it's done.

> Yes, you would need to disable ssh with android-gadget-service, to
> disable it.

Thanks for the tip!

Follow ups

References