> I agree 100% with you. What OEMs are doing is criminal, and I'm eagerly waiting for the first mobile worms/botnets targeting these devices in particular, because it seems it's the only thing vendors would listen to.
If users decide that it is important to have updated firmware on their phones then their purchasing decision will reflect this. Companies will see a financial reward for keeping their stuff up to date. I don't see anything criminal at all about not updating the firmware. It's a problem between the manufacturers, carriers, and their customers.
You can't force people not to suck. You just don't give them money.
Google might be able to force them a little bit. Google has compliance rules that go along with their proprietary Google Apps add-ons so they could add versioning requirements on top of them.
This is a classic problem with dealing with embedded developers. They have had no need in their professional experience to make sure their customers' firmware is up to date. It's expensive and difficult, and the market dictates that new devices have priority over updating old ones.
The only thing that can be done is to make it cheaper and easier, as far as the Linux kernel and friends are involved, to make updates for phones, combined with educating the buying public about why having newer Android versions is to their advantage and what phones to buy that will provide them with up-to-date features.
Personally I only buy phones that I know will get supported by third parties like CyanogenMod, but this approach is not suitable for most people for a whole host of reasons.
Posted Jan 23, 2011 20:56 UTC (Sun) by Aissen (subscriber, #59976)
You are right, the users decide what's important for them. Once viruses and worms start stealing data, money and bricking or resetting their phones, they will decide (as well as the OEMs) that having the latest security updates is important.
Or maybe they will decide that having an open phone with replaceable firmware is important (but that is a dream for now).
EFF: Don't Sacrifice Security on Mobile Devices
Posted Jan 23, 2011 21:18 UTC (Sun) by foom (subscriber, #14868)
1) If that happens, I suspect the news will instead be "Massive data-stealing/phone-bricking/money-stealing worm for Android phones!!", not "${all that} for phones from OEMs which ship massively outdated versions of Android! (which BTW is nearly all of them)". It seems like Google should want to put some pressure on (or give some assistance to) the OEMs in order to avoid having that news release actually happen...
2) How are users even supposed to know if there are any security holes in their phones that their OEMs haven't fixed if Google doesn't release advisories?
EFF: Don't Sacrifice Security on Mobile Devices
Posted Jan 23, 2011 21:51 UTC (Sun) by Aissen (subscriber, #59976)
1) I agree. If Google can't give enough incentives or apply enough pressure, mainstream media will do it, the hard way. It's a scenario no one wants.
2) True, that's what I tried to say in my first comment above.
EFF: Don't Sacrifice Security on Mobile Devices
Posted Jan 24, 2011 1:34 UTC (Mon) by drag (subscriber, #31333)
> You are right, the users decide what's important for them. Once viruses and worms start stealing data, money and bricking or resetting their phones, they will decide (as well as the OEMs) that having the latest security updates is important.
Yes. That is about it. They decide how important something is to them, then they give their money out accordingly. Manufacturers that do a decent job providing what the users actually want and need will probably do better than those that don't.
BTW, an Android virus has been found in the wild in China. Unlike the bank widget thing that happened in the Android Market, which was entirely blown out of proportion (the one group that actually examined the software instead of just speculating dismissed the idea that he was using the software to steal bank information as fantasy with no evidence in the software), this is an actual virus infecting applications.
I didn't see much detail, but from what I remember it was a virus attached to legit software. Found in third party repos (aka app markets).
> Or maybe they will decide that having an open phone with replaceable firmware is important (but that is a dream for now).
Possibly.
One of the big things that we have going for us is that the desire to cut costs will probably lead to a standardized platform. This will raise the cost of the development of the hardware a bit and increase complexity, but per unit costs shouldn't be affected much and it will lower the cost of development and support. This should have the effect of dramatically lowering the barrier for third party software to support phones.
Since we now have phones and hardware developed from the ground up to work specifically with the Linux kernel in Android, we can hopefully avoid most of the 'What would Windows Do?' solutions to work around bugs in ACPI and such.
EFF: Don't Sacrifice Security on Mobile Devices
Posted Jan 24, 2011 2:46 UTC (Mon) by drag (subscriber, #31333)
Of course this does not come close to the level of really horrible crap that was a constant plague on Symbian and Windows Mobile phones, especially in that area of the world. But it's just the beginning.
EFF: Don't Sacrifice Security on Mobile Devices
Posted Jan 25, 2011 7:32 UTC (Tue) by cmccabe (guest, #60281)
I don't think stuff like that is really a technical problem. People make unwise decisions with their personal information all the time. Some people email their bank account numbers to Nigerian scammers. Some people post drunken pictures of themselves on Facebook. Technology can't stop that.
Unless you create an Apple-style lockdown on the platform, people are always going to be able to download trojan'ed applications from shady pirate sites and install them. Some people will also be unwise enough to give those shady applications full security capabilities.
EFF: Don't Sacrifice Security on Mobile Devices
Posted Jan 25, 2011 0:18 UTC (Tue) by AndreE (subscriber, #60148)
Right, and what choices exactly do consumers have?
Who has published definitive support and update timelines for their phone?
And what level of warranty does CyanogenMod provide again? Do they have a security team patching security flaws?
The consumer has no choice in the matter, period, and neither the software nor hardware vendors seem to really care.
EFF: Don't Sacrifice Security on Mobile Devices
Posted Jan 27, 2011 10:27 UTC (Thu) by trasz (guest, #45786)
Apple is very user-friendly when it comes to firmware upgrades, even for old devices.
EFF: Don't Sacrifice Security on Mobile Devices
Posted Feb 1, 2011 19:34 UTC (Tue) by leoc (subscriber, #39773)
Posted Feb 1, 2011 20:33 UTC (Tue) by foom (subscriber, #14868)
Well, it's better than the situation with Android phones, where they don't even get firmware upgrades that existed well before the phone was released...