Security, Linux and the Roving BugThis is a discussion on Security, Linux and the Roving Bug within the Unix and OS Discussions forums in Database and Unix Discussions category; CBFalconer wrote: > Dean G. wrote: >> >... snip ... >> >> Most people who have zombieware do not know it. There are several >> million Windows boxes that have been so compromised, and most of >> these users would undoubtedly rid themselves of the problem if >> they only knew about it. > >They usually know about it. Not in my experience. Not until things get REALLY bad. >They don't know how to eliminate That's for sure. Virus scanners? Worthless! >and/or avoid it in the first place. Blame M$ for encouraging (indeed, almost requiring) users to run as admin.... | ||||||||
| | ||||||||
| ||||||||
| Register | FAQ | Calendar | Search | Today's Posts | Mark Forums Read |
|
#21
06-29-2007, 09:54 AM
|
 Re: Security, Linux and the Roving Bug CBFalconer wrote: >"Dean G." wrote: >> >... snip ... >> >> Most people who have zombieware do not know it. There are several >> million Windows boxes that have been so compromised, and most of >> these users would undoubtedly rid themselves of the problem if >> they only knew about it. > >They usually know about it. Not in my experience. Not until things get REALLY bad. >They don't know how to eliminate That's for sure. Virus scanners? Worthless! >and/or avoid it in the first place. Blame M$ for encouraging (indeed, almost requiring) users to run as admin.  |
|
#22
06-29-2007, 10:56 AM
|
| Re: Security, Linux and the Roving Bug In article <13885j98uu1do0b@corp.supernews.com>, CptDondo > It seems to be more a bug in the cell-phone protocol/hardware. Or > possibly a hardware mod to the cell phones. I can well imagine the cell > phone companies would have a way to update the firmware in your phone > remotely. Actually, it seems to be none of the above. It's more likely to be total BS. http://www.computerworld.com/action/...ArticleBasic&t axonomyName=mobile_and_wireless&articleId=9025893 |
|
#23
06-29-2007, 12:48 PM
|
| Re: Security, Linux and the Roving Bug In comp.os.linux.advocacy, CptDondo wrote on Thu, 28 Jun 2007 13:37:47 -0700 <13887544la6c37f@corp.supernews.com>: > Nedd Ludd wrote: > >> >> To summarize the points: >> a) Cell phones are vulnerable to hackers via the 'Roving Bug'. >> Hackers include the government but also juvenile "l33t haxor" brats. >> b) The cell phones that are vulnerable include the Razr which runs Linux. >> c) Linux has a huge security vulnerability. >> The open source community has known about the vulnerability. >> The open source community has done nothing to fix the vulnerability. >> Linux's security vulnerabilities persist. >> >> The above is a list of documented facts. The facts illustrate a weakness in >> Linux. No one will come forward and point me to a link where a fix to the >> Roving Bug is available for download. > > Please demonstrate. > > If we take your points a) and b), I could just as easily say, > > The cell phones that are vulnerable include those that come in blue. > Therefore all blue phones (and only blue phones) are vulnerable. > Furthermore, it is the fault of the blue color that they are vulnerable. > > So far, I have not seen anything that would indicate that this is a > *linux* issue. It is, AFAICT, a cell phone issue. > > The ability to remotely turn on the mike must be in the hardware; I know > of no such ability within the linux kernel. > > Presumably, once the phone is off, the linux kernel is not running; yet > according to the reports, the phone can still transmit conversations. That is an interesting but probably false assumption, though I'll admit to some curiosity on the details. Presumably, there are three modes: [1] The thing is really off, as in removal-of-the-battery-pack off. Some might also have a power switch that cannot be remotely actuated. Windows, Linux, Symbian, HURD -- it doesn't matter; only one's finger (or brushing against something) can flip that switch. [2] The thing is in a mode where it takes a minimum of power, listening to its antenna at most, waiting for a call. IINM, this is "standby" mode, and is characterized by low power consumption. This is the mode which is allegedly hackable, according to the OP. Whether it's actually possible may depend on the phone. [3] The thing is on and the mike and speaker are active, either for an actual phone call or for video. Which mode is everyone's cell phone in? Most likely, [2]. This is not off, just on standby. This problem is not limited to phones, of course, though laptops and other such units have different dynamics. And of course it is not a weakness in Linux per se, but in the entire system. At most, there might be a weakness in Linux for allowing a transition from [2] to [3] without proper user authorization -- and that's assuming Linux gets involved at that level, as presumably it will punt to a module that is part of Linux to do the actual gruntwork. > > How is this then a linux issue? Is the linux kernel imbued with some > ghost geekiness that allows it to run even if shut off? > attempts to power it off, sucking the energy from the ether? IBM z-systems do have such an "uberkernel" -- z-OS -- but are far larger than one's normal portable device. :-) -- #191, ewill3-at-earthlink.net Is it cheaper to learn Linux, or to hire someone to fix your Windows problems? -- Posted via a free Usenet account from http://www.teranews.com |
|
#24
06-29-2007, 01:03 PM
|
| Re: Security, Linux and the Roving Bug The Man wrote: > >> The only reason it's not *also* a windows problem is that windows can't >> possibly run on a cellphone.... > > http://www.windowsfordevices.com/art...468909181.html > > Do you have any other clueless comments you'd like to make Cpt Dungo? Those are "smartphones" and PDA. Not what I call a cellphone. My linux-based Motorola is about 3.5 x 1.75", way smaller and lighter than the PDAs listed in that article. >> As to the "horror story" - why don't they get a prepaid phone? > Because prepaid phones suck. > >> Or do away with cell phones altogether? > Sure. And let's do away with electricity too. I have 5 stray cats that like to roll around on a particular doormat on my deck. It's really aggavating, as they fight over it, and leave cat**** and cathair all over the place. I could call the paper and police and whatever, and whine about the horrible state of stray cats. Or I could just fold the doormat over so the cats can't get to the scratchy part. Hmmm... You decide. And, BTW, I've met Einstein's daugher and secretary several times. And sat in his chair. (And probably peed in the same urinal....) So calling me "Einstein" is pretty neat. --Yan |
|
#25
06-29-2007, 01:13 PM
|
| Re: Security, Linux and the Roving Bug The Ghost In The Machine wrote: > In comp.os.linux.advocacy, CptDondo > >> >> Presumably, once the phone is off, the linux kernel is not running; yet >> according to the reports, the phone can still transmit conversations. > > That is an interesting but probably false assumption, > though I'll admit to some curiosity on the details. > Presumably, there are three modes: > > [1] The thing is really off, as in > removal-of-the-battery-pack off. Some might also > have a power switch that cannot be remotely actuated. > Windows, Linux, Symbian, HURD -- it doesn't matter; > only one's finger (or brushing against something) > can flip that switch. > > [2] The thing is in a mode where it takes a minimum of > power, listening to its antenna at most, waiting > for a call. IINM, this is "standby" mode, and is > characterized by low power consumption. This is the > mode which is allegedly hackable, according to the OP. > Whether it's actually possible may depend on the phone. > > [3] The thing is on and the mike and speaker are active, > either for an actual phone call or for video. > > Which mode is everyone's cell phone in? Most likely, [2]. > This is not off, just on standby. > I am somewhat curious about this as well. All the phones I've seen, when "off" - i.e. power button pushed - are pretty much doorstops. When you push the power button, they go through a boot process - display a logo, show some graphics, play a cheesy sound - so I would assume the kernel is booting. I can't see how a phone in the off state can transmit anything unless specially modified. In standby, there is a way for the phone to wake up - incoming calls, flip it open, etc. Presumably in this state the phone can be updated remotely. I actually turn mine off quite a bit; whenever I don't want to be disturbed. Heck, I leave it at home when I go on vacation. I still stand by my original statement - if the phone bothers you, get rid of it. It's really simple. Use a landline. |
|
#26
06-29-2007, 01:50 PM
|
| Re: Security, Linux and the Roving Bug On Jun 28, 3:43 pm, "Cassandra" > Her advocates claim Linux is more secure than Windows and as proof they > offer > the list of viruses that target Windows. The rebuttal is typically that > Window is an attractive target for virus writers due to its ubiquity. The > Linux advocate's reply is that, Linux's architecture makes it impossible to > hack. I think we've all seen this exchange. Whether Linux is immune from > hacking is an open question. What if Linux were ubiquitous? Would hackers > try to break in? Could hackers succeed? The answer to these questions is > yes. > > Motorola has embraced Linux as the OS to run on its line of cell phones > (http://news.com.com/2100-1001-984424.html). The following link includes > over a dozen cell phone offering, including the Razr, which feature Linux:http://www.linuxdevices.com/news/NS4504156025.html. Motorola is a leading > cell phone company. Motorola's market share has reached the critical mass > required to make the devices attractive to the l33t haxtorz. > > Cell phones are venerable to a security threat called 'The Roving Bug'. The > bug allows people to listen in on you conversations even when the cell phone > is off. People can remotely turn on your cell phone, listen in on your > conversations, upload and download data, and take photos without you knowing > it. The only way to secure your cell phone and your privacy is to remove > the > battery. > > Here's what one site has to say: > > http://hootsbuddy.blogspot.com/2006/...oving-bug.html > > The article says, ". the Motorola Razr [running Linux] are especially > venerable ." > > It turns out that Linux's security model is porous as a sieve. Devices > running Linux are being hacked and taken over by remote hackers. The > security hole persists even when the device is turned off. But is it some > secret 'back door' that only the government knows how to access? Nope, the > world knows how to by pass and exploit Linux's so-called security. Here's a > horror story describing the hell created because of Linux's weak security:http://www.thenewstribune.com/news/c...ory/91460.html. > > I am sure so will say, "B-b-b-but Windows blah, blah, blah." to which I > reply, "Irrelevant!" > > This issue is about a bug in Linux. This is about a known bug in Linux > that's been hanging around for months. It is a bug a known bug in Linux > that's been hanging around for months that has not been fixed. This is > about > a security hole in Linux. Windows is not the issue here. This is a Linux > problem and not a Windows problem. This post is weird, because it has more to do with how the phone was designed and how they made their linux flavor work, than an actual problem with linux. Not only that, since the phone os is closed source, it's their responsibility to fix the bug anyway, and the OSS community doesn't have anything to do with it. I'm going to go ahead and make a generalized statement about telco -- they way over- complicate things so they can charge outrageous prices for their support. This is nothing more than a phone company doing the same as phone companies have always done. Really this is a linux advocacy forum and you bringing an argument in here about an embedded os on a propietary system doesn't really fight linux or support it, stick to the cellular forums |
 |
« Previous Thread
|
Next Thread »
| Thread Tools | |
| Display Modes | |
Linear Mode
All times are GMT -4. The time now is 10:22 AM.
