Thread: Dual SIM phones was:Worker killed by Southern train was covering for brother
View Single Post
  #137   Report Post  
Old July 20th 19, 08:55 AM posted to uk.railway,uk.transport.london
[email protected] martin.coffee@round-midnight.org.uk is offline
external usenet poster
  
First recorded activity at LondonBanter: Jul 2019
Posts: 60
Default Dual SIM phones was:Worker killed by Southern train was coveringfor brother
On 20/07/2019 09:25, David Walters wrote:
On Fri, 19 Jul 2019 21:32:17 +0100, Roland Perry wrote:
In message , at 14:36:40 on
Thu, 18 Jul 2019, David Walters remarked:
On Thu, 18 Jul 2019 13:32:23 +0100, Roland Perry wrote:
In message , at 11:07:01 on
Thu, 18 Jul 2019, David Walters remarked:
On Wed, 17 Jul 2019 19:03:26 +0100, Roland Perry wrote:
In message , at 16:15:25 on
Wed, 17 Jul 2019, David Walters remarked:
Ooh, that's a bit strong..! What's wrong with old phones, anyway..?

For a 'dumbphone', not a lot.

Using a smartphone once it no longer receives security patches isn't
something I would do personally.

What's the main threat you are trying to avoid?

Mostly some malware getting installed via a remote or drive-by
vulnerability.

What kinds of drive-by malware has been known to be delivered via apps
like Facebook and Twitter?

I'm not aware of any but I use many other apps on my smartphone such
as Chrome which has had bugs exploited in the past. One example is at
https://www.helpnetsecurity.com/2016...droid-malware/.
That still requires an extra step but a similar bug might not.

That's fixed by an upgrade to the browser app, which I don't regard as
coming into the category of "software patches [that one might no longer
be getting].

My phone which isn't getting *Android* updates, has still managed to
automatically update itself to Chrome dated 4th June 2019. Which is the
latest release version.

There is a list of 5 remote code execution
bugs in Android that have been patched this month at
https://source.android.com/security/bulletin/2019-07-01. It's a similar
list for June, May, April etc.

What is the malware trying to achieve.

Perhaps it will be combined with some kind of permissions exploit that
means it can harvest data from other apps which in my case would include
my banking details/tokens. I could not have banking apps on my smartphone
but I choose to for the convenience and balance some of the risk by
having an up to date OS. Your choice might be different.

Indeed. I would never have a banking app on my phone unless it was of
very little importance. Although like Chrome, I'd hope to be getting
updates to the *app* which in turn had countermeasures for know exploits
within *Android*.

If someone has root on the device I don't think any individual app can
keep itself secure anymore. Many apps will try and detect a jailbroken
device and disable themselves but it isn't clear to me that that detection
is infallible. Better to take reasonable steps to secure the device
which includes security patches IMHO.

I have a device which I know is not jailbroken but the Wetherspoon
ordering app insists otherwise.
Reply With QuoteReply With Quote