Not going to buy any Samsung device again.
Posted Mar 12, 2014 23:07 UTC (Wed) by jackb (guest, #41909)
In reply to: Not going to buy any Samsung device again. by d33tah
Parent article: FSF: Replicant developers find and close Samsung Galaxy back-door
Okay, after this, Samsung lands on my "favorite companies" list, next to Sony. Not ever going to buy a single device from them again
This doesn't go far enough. Samsung only shipped a feature like this because one of their employees agreed to code it for them.
Unless and until the specific people responsible come forward, you should refuse to do work with anyone who has ever coded for Samsung, in any capacity, ever.
Accountability only means something when it's attached to real people. There is no collective "Samsung" which is responsible for this.
Posted Mar 12, 2014 23:43 UTC (Wed)
by bloopletech (guest, #71203)
[Link] (18 responses)
Posted Mar 13, 2014 0:09 UTC (Thu)
by dlang (guest, #313)
[Link] (17 responses)
just because a car can be used to run someone down doesn't mean that the person who designed the car intended it to be used that way.
If you want to ban every programmer who has ever written code that _could_ be used in a bad way, you will very quickly get to a very small group of programmers (and I would argue that that small group has never written anything worthwhile either).
And saying that anyone who ever worked for that company should be blacklisted is going even further into the ridiculous.
There are probably fewer people who graduated from your high school every decade than who work for Samsung. How about we treat you as being guilty for any crime anyone who graduated from your high school in the same year that you did? By limiting it to actual crimes, and only the same year, this is a much smaller impact than blacklisting anyone who works at Samsung (let alone anyone who ever worked there).
Posted Mar 13, 2014 0:21 UTC (Thu)
by jackb (guest, #41909)
[Link] (11 responses)
Do you know what else is ridiculous? Two or three generations of programmers who saw things like this going on for years and never spoke up because their paychecks were more important to them than their integrity. As far as I know boycotts are generally accepted as valid courses of action. If all those programmers wouldn't do the right thing for its own sake in the past, maybe they'll do it now to salvage their reputations and job prospects in the future.
Posted Mar 13, 2014 0:26 UTC (Thu)
by dlang (guest, #313)
[Link] (7 responses)
things like _what_ exactly?
What is it that you _know_ (rather than just assume) is involved here?
And if you are going to lay this on entire generations of programmers, do you really want to be held responsible for everything that your generation of programmers does?
Posted Mar 13, 2014 0:34 UTC (Thu)
by jackb (guest, #41909)
[Link] (2 responses)
> things like _what_ exactly? What is it that you _know_ (rather than just assume) is involved here?

Yes, how could I forget that it might all just be an innocent mistake. Maybe it was just a debugging tool that was accidentally left in place instead of being removed for production. Oops. On the other hand maybe the tech industry in general has milked plausible deniability one time too many and it doesn't matter any more. Sustained, continuous incompetence is a fine reason for a boycott too.
Posted Mar 13, 2014 10:00 UTC (Thu)
by khim (subscriber, #9252)
[Link] (1 responses)
If your goal is to make your life miserable, then yes, it's a valid course of action. If your goal is different then it's pointless. The market rewards slight incompetence. People and companies who are doing something totally crazy and stupid are losing (see Windows Phone), but companies and people who deliver a “good enough” solution first win. This fact means that all companies which survive by necessity deliver half-broken solutions. If you start boycotting “continuous incompetence” then in the end you'll just boycott all companies (except for maybe a few military contractors who theoretically are forced to compete on quality, not price).
Posted Mar 13, 2014 18:23 UTC (Thu)
by dlang (guest, #313)
[Link]
Posted Mar 14, 2014 12:53 UTC (Fri)
by k8to (guest, #15413)
[Link] (2 responses)
I could point to no end of poor security decisions made by my employer through a series of oversights and errors. Periodically, I deliver a list of these oversights to the security team. Periodically, I re-raise the problems. When they're small enough I just fix them myself.
But they just sit in the pile of tedious warts along with all the other tedious warts that any significant codebase acquires. There's no internal force which can really push them to high priority, and the customers don't even notice the amazingly obvious ones that THEIR security team should be easily finding and objecting to. The security issues the customers raise are almost always nonsense, equivalent to "my scanner made a red light" and don't accept a clear explanation of why it's a false positive.
I have to say, working in "enterprise software" has made me REALLY appreciate security researchers. They tend to find these problems and force us to fix them by signalling that the issue has now become a priority. And they do it for free (from our perspective). Ironically when we HIRE the security researchers the stuff they find isn't as prioritized (though much is dealt with in that case).
Is there some kind of fund I can contribute to and/or try to convince my employer to contribute to which helps fund security research work? It seems like an obvious good citizen move.
Posted Mar 14, 2014 13:10 UTC (Fri)
by k8to (guest, #15413)
[Link] (1 responses)
They do not want an accurate summary of the investigation and conclusions. Given a clear writeup of why a problem is unexploitable or does not exist, with additional possible mitigations available now and information about which later versions (e.g. already shipped) do not even have the red light, they are not happy.
What they want is a set of officious looking documents that have a lot of red-tape indicators and wax seals. They don't even care if the information in the documents is right, they just want to see the appropriate level of pomp applied to each security concern they have.
In other words, if we spend 4 days of engineering time to dig through and improve the product based on their concerns, they are not happy. If we produce an officious looking pile of boilerplate from an automated nonsense engine in 5 minutes, they are satisfied.
Posted Mar 14, 2014 14:40 UTC (Fri)
by raven667 (subscriber, #5198)
[Link]
I think there is some sort of interesting fundamental truth hidden under there in how we deal with bureaucracy, but I don't know what it is yet.
Posted Mar 21, 2014 2:34 UTC (Fri)
by terrycloth (guest, #96095)
[Link]
One of the requirements was to phone home and tell us what the user was doing with our suite, purely to find ways to improve it. (I’m not being ironic here, that was really what was intended.) We took exception to that, and a few of us were ready to quit before implementing such a thing. And management backed off.
Of course, that was in the ’80s, when any halfway decent programmer could walk out the door and get a (quite possibly better & better-paying) job by next week. As raven667 mentions below, the prospect of going hungry, or even living under a bridge, tests one’s beliefs mightily. I don’t know what I’d do in today’s economy. I know what I hope I’d do, but you can’t be sure until push comes to shove.
Posted Mar 13, 2014 16:41 UTC (Thu)
by raven667 (subscriber, #5198)
[Link] (2 responses)
I'm just going to say that yes, a paycheck can be worth more than some rigid concept of integrity. You are welcome to keep your integrity and never bend your will for others, to always have things "your way", if you want to be homeless, sleeping rough and eating out of garbage cans like a raccoon. If instead you want to live in civilization with others then you'll have to make value judgements and choices and you won't always get your way; you'll have to be able to take orders as well as give orders.
Posted Mar 14, 2014 7:24 UTC (Fri)
by palmer_eldritch (guest, #95160)
[Link]
Posted Mar 21, 2014 19:21 UTC (Fri)
by wookey (guest, #5501)
[Link]
Posted Mar 13, 2014 14:59 UTC (Thu)
by ewan (guest, #5533)
[Link] (4 responses)
It's hostile because of the lack of informed consent. Let's say you're running a local fire department and you choose to offer people a service that allows them to deposit a copy of their door keys with you, so you can get in more easily in the event of an emergency, that's fine; people can take you up on it if they want.
Sneaking into people's houses in the dead of night to secretly copy their keys, even with such 'good intentions', is not fine.
Posted Mar 13, 2014 18:22 UTC (Thu)
by dlang (guest, #313)
[Link] (3 responses)
you already give your carrier rights to update the software on your phone, and their updates can give them anything they want.
besides, do you really want 100 hours of clicking through permission screens to approve every binary and script on a computer before you use it?
> Sneaking into people's houses in the dead of night to secretly copy their keys, even with such 'good intentions', is not fine.
umm, when did they do anything like this?
you do realize that your home locks have a key number associated with them, and that given that key number, any locksmith (and many others) can trivially make a new key that will fit it. In fact, there are far more locks out there than there are different keys, so there is someone else out there carrying keys to their house that will open yours.
Also, if you rent, your landlord keeps a copy of the key to your place.
But leaving aside your flawed analogy,
They didn't sneak into anything and copy anything. This is something that was on the phone from the time it left the factory, and nobody has shown any evidence that it was used for anything other than accessing the files under /efs/root/, let alone that Samsung has done so.
Posted Mar 13, 2014 18:39 UTC (Thu)
by jhoblitt (subscriber, #77733)
[Link]
Posted Mar 14, 2014 10:51 UTC (Fri)
by cesarb (subscriber, #6266)
[Link]
No I don't.
Only Google (via both the Google Play store and the hidden auto-update of Google Play Services) and Samsung (full Android updates, since mine is yakjuvs instead of yakju I believe it's Samsung instead of Google) can update software on my phone. Other than the auto-updating Google Play Services (com.google.android.gms) and the Google Play store itself (com.android.vending), everything asks for permission before updating, including the full Android updates. I don't even have any software from my carrier on this phone.
My carrier might be able to update the software on the SIM, but the SIM is not the phone, it's a separate (and removable) device.
The phone wasn't even bought from my carrier. The SIM has been used for three phones already, and it was bought together with a feature phone (which is the only one of the three which I bought from my carrier).
Posted Mar 14, 2014 13:08 UTC (Fri)
by ewan (guest, #5533)
[Link]
I really don't. And the upstreams that do get to install updates have to ask each time. And I can examine the OS level updates in advance, if I choose, and application level updates are still supposed to keep within the constraints of the OS sandboxing mechanism, and if they want any extra permissions, they have to ask for them. It's not perfect, but it's a long way off the bleak scenario you outline.
"umm, when did they do anything like this?"
When they installed a backdoor without telling people. It may, as you suggest, have been done to offer useful services to their users, but then their users should have been told about it.
"Also, if you rent, your landlord keeps a copy of the key to your place."
Indeed they do. It is, however, an explicit part of the agreement that I made with them, as are the constraints and conditions under which they may use their copy of the key. As I said, the issue is not in having access, it is in not having consent.
"This is something that was on the phone from the time it left the factory"
The timing's utterly immaterial. There's really no distinction between installing a backdoor on someone's system now, and having installed it a long time ago. It was still done without the user's informed consent.
"and nobody has shown any evidence that it was used for anything other than accessing the files under /efs/root/, let alone that Samsung has done so."
You're really making the case that a backdoor doesn't matter unless there's concrete evidence of it having been used in specific incidents?
Posted Mar 13, 2014 0:37 UTC (Thu)
by excors (subscriber, #95769)
[Link] (1 responses)
You might sensibly choose to use the standard POSIX open()/read()/write() API for that, so your code is portable to different environments. When the modem's environment is an Android device, it has no direct access to storage - the only option is to proxy the filesystem API over some IPC mechanism to Linux, which can access the real filesystem on the modem's behalf. If you're a conscientious developer, you'll probably implement the entire API - open, ftruncate, lseek, mkdir, etc - so that other developers won't trip over missing features. (The functions listed on the Replicant wiki page do look a lot like the POSIX API.)
When it's time to ship a device, you might find that some important configuration file is now being loaded using that API, not merely development/debug data, so you have to continue supporting it. Or you just don't care enough to disable the file API. After all, the modem probably has unrestricted access to the whole of RAM, so it already has to be fully trusted, and you don't lose any real security by giving it this convenient API. (Conversely, if you (as a user) *don't* trust the proprietary firmware blob running on the modem (plus the proprietary firmware blobs on several other processors, and the dozens of other proprietary libraries and applications running on the ARM to support the hardware), you're already screwed before even considering this API.)
It does look a bit sloppy from a security perspective if there is no restriction on what files it can access, but a lot of the lower levels of an Android device look sloppy from a security perspective, so that's no surprise. Device manufacturers tend to care about features and time-to-market, not about security, so that's what they get. You can certainly argue that there should be a much stronger security culture and much greater openness; but there's no reason to assume any malicious intent behind the feature here, and currently no evidence of any malicious use of it.
Posted Mar 14, 2014 10:56 UTC (Fri)
by cesarb (subscriber, #6266)
[Link]
From what I read, it does have a restriction on what files it can access (only files below /efs/root/), the problem is that the restriction is broken (as you said, sloppy...).
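excors describes the modem's file requests being proxied to Linux, and cesarb notes that the restriction to /efs/root/ is there but broken, without saying how. As an added illustration (not code from Samsung, Replicant, or anyone in this thread), here is a constructed file-proxy check in C: a naive prefix comparison that a ".." path slips past, beside a normalising check that actually confines requests to the directory. The base directory, the sample file names and all path strings are constructed for the example.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed base directory for the illustration; the thread only says the
 * real check was meant to confine the modem's file requests to /efs/root/. */
#define BASE "/efs/root/"

/* Naive check: accept any request whose path string starts with BASE.
 * "/efs/root/../../data/secret" passes, yet resolves outside the directory. */
bool naive_allowed(const char *path)
{
    return strncmp(path, BASE, strlen(BASE)) == 0;
}

/* Lexically normalise an absolute path: collapse repeated '/', drop "."
 * components, let ".." pop the previous one (".." at the root stays there).
 * The result has no trailing '/' except for "/" itself. Returns false for a
 * relative path or when the result would not fit in out. */
bool normalize_path(const char *in, char *out, size_t outsz)
{
    if (in[0] != '/' || outsz < 2) return false;
    size_t len = 1;
    out[0] = '/';
    for (const char *p = in; *p;) {
        while (*p == '/') p++;
        if (!*p) break;
        const char *start = p;
        while (*p && *p != '/') p++;
        size_t n = (size_t)(p - start);
        if (n == 1 && start[0] == '.') continue;
        if (n == 2 && start[0] == '.' && start[1] == '.') {
            while (len > 1 && out[len - 1] != '/') len--;  /* drop component */
            if (len > 1) len--;                             /* and its '/'   */
            continue;
        }
        if (len + n + 2 > outsz) return false;
        if (len > 1) out[len++] = '/';
        memcpy(out + len, start, n);
        len += n;
    }
    out[len] = '\0';
    return true;
}

/* Hardened check: normalise first, then require the result to be BASE itself
 * or strictly below it ("/efs/rootkit" must not match "/efs/root").
 * Caveat: this is purely lexical. A symlink inside BASE can still point
 * elsewhere, so a real proxy should also resolve against the live filesystem
 * (realpath(), or openat() from a descriptor for BASE with O_NOFOLLOW). */
bool hardened_allowed(const char *path)
{
    char norm[256];
    if (!normalize_path(path, norm, sizeof norm)) return false;
    size_t blen = strlen(BASE) - 1;  /* BASE without its trailing '/' */
    if (strncmp(norm, BASE, blen) != 0) return false;
    return norm[blen] == '\0' || norm[blen] == '/';
}

/* Convenience wrapper: does `in` normalise to exactly `expected`? */
bool normalizes_to(const char *in, const char *expected)
{
    char buf[256];
    return normalize_path(in, buf, sizeof buf) && strcmp(buf, expected) == 0;
}
```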
Posted Mar 13, 2014 14:08 UTC (Thu)
by rvfh (guest, #31018)
[Link] (7 responses)
Sorry to cut the rest of your post.
The modem, to be cheap enough to sell, has no or very little flash. So indeed, we (I work for another modem making company) add remote filesystem capabilities to modems to write log files, read configuration, calibration, IMEI, these sorts of things. In some cases we even use RPC to call kernel functions (guess which processor talks to the PMIC/MC/etc...) That's how nasty we are.
Do we have orders or even enough time to write malicious software? Hell no! We're busy enough implementing the latest bells and whistles that have become mandatory like 300 Mb/s download rates!!!
Believe me, Samsung are not spying on you, they have better things to do with their time!
Posted Mar 13, 2014 19:03 UTC (Thu)
by Darkmere (subscriber, #53695)
[Link] (3 responses)
No, I don't trust you. I think it's actively being abused and it's implicitly allowed by Samsung and others because there is no incentive to fix it or provide security for end users except if they get accused & shamed publicly.
Expect no goodwill. Expect only hostile behaviour until goodwill has been earned.
Posted Mar 13, 2014 19:43 UTC (Thu)
by dlang (guest, #313)
[Link] (2 responses)
It's pretty easy to make your case, show some logs that contain the abuse you are claiming is taking place.
> there is no incentive to fix it or provide security for end users except if they get accused & shamed publicly
well that has taken place, now let's see how they respond.
David Lang
Posted Mar 13, 2014 22:36 UTC (Thu)
by Darkmere (subscriber, #53695)
[Link] (1 responses)
No, I didn't claim. I said _I think_. Also, the stock firmware doesn't appear to log the rpc calls from what I find (though only a most cursory glance).
>> there is no incentive to fix it or provide security for end users except if they get accused & shamed publicly
> well that has taken place, now let's see how they respond.
Based on previous responses and lack of support for devices (Galaxy S2 is one of those exposed) I'd say slim to none.
Posted Mar 14, 2014 11:01 UTC (Fri)
by cesarb (subscriber, #6266)
[Link]
It does seem to log at least the open() calls, see https://lwn.net/Articles/590470/
Posted Mar 21, 2014 3:10 UTC (Fri)
by Max.Hyre (subscriber, #1054)
[Link] (2 responses)
The point is in any sort of security analysis, what the other party can do is what you have to defend against, not what they're doing now, or what they say or you hope they're doing. The fact that the capability is a leftover from debugging, or intended solely to update radio-related files is irrelevant.
Posted Mar 21, 2014 3:48 UTC (Fri)
by raven667 (subscriber, #5198)
[Link]
In computer security you will go crazy if you try to defend against all possible vectors of attack; you have to prioritize on factors as flimsy as what attack is popular at any time, and build threat models to see what parts of the security are actually important to your personal operations, because not all vulnerabilities are equal.
Knowing what is likely is a better analysis than just what is possible.
Posted Mar 21, 2014 4:55 UTC (Fri)
by dlang (guest, #313)
[Link]
which is worse a phone carrier that doesn't upgrade their users and leaves them running old, vulnerable software, or a phone carrier that does upgrade their users, but because they can upgrade the core software on the device, could use that upgrade process to do something evil in the future?
If you just look at capabilities, the ability to upgrade the device to arbitrary software in the future is FAR worse than any number of current vulnerabilities.
But if you start to include the probability of that being used to attack users, things turn around and the existing vulnerabilities are a far bigger problem.
Comment text that the extraction spilled out of the thread above:

Opening of terrycloth's comment (Posted Mar 21, 2014 2:34 UTC), which continues with "One of the requirements was to phone home...":
Decades ago, in another life, I was part of a team trying to build Microsoft Office, except we weren’t Microsoft, and Office didn’t yet exist. We (maybe half a dozen?) were just trying to paste together a word processor, a spreadsheet, maybe e-mail and a contact manager, in a way that would be useful to executives and make us filthy rich.

Body of one of the two responses to raven667's "a paycheck can be worth more..." comment (Posted Mar 13, 2014 16:41 UTC):
Now that's the reality we're confronted with, but I think it's entirely understandable that some people have problems with that and wish that this would change. Sometimes having a few harsh words towards people who just shrug it off as something that you can't change.

Quote opening ewan's reply (Posted Mar 14, 2014 13:08 UTC) to dlang, which continues with "I really don't.":
"you already give your carrier rights to update the software on your phone"

Opening of Max.Hyre's comment (Posted Mar 21, 2014 3:10 UTC), which continues with "The point is in any sort of security analysis...":
I once read a book about spying—factual analysis rather than John le Carré. One of the points that stuck with me was that spying on other countries is based on capability, not intention. If your best-friend country has nukes, you keep pretty much the same undercover eye on them as you do on your known adversary. Anything less would be irresponsible. (And the shock expressed about Angela Merkel and Victoria Nuland is purely show for the groundlings. They all know they're all doing it.)
