
View Diary: Six ways your electronica owns you (85 comments)


  •  "Default Google stuff" doesn't mean much... (1+ / 0-)
    Recommended by:
    Throw The Bums Out

    when most Android phones are running customized software provided by the carrier. Lots of them have crap like Amazon stuff pre-installed and activated.

    I'm sure companies like Amazon are trying to push wireless carriers to include their apps by default... (It'd be bad business sense not to!)

    Not many people have a "stock" build of Android software without some sort of additional junk being installed. The ones who do are probably the few who would actually pass your proposed test of going through Settings/Preferences. :)

    •  Actually, it's harder than that. To install a (1+ / 0-)
      Recommended by:
      holeworm

      "stock" build of Android you have to actually hack your phone because normally the bootloader will only boot a digitally signed and approved version of the OS.  In the case of my Thunderbolt that meant installing Linux in Virtualbox (because for some reason Windows ADB didn't work right), downgrading the kernel on the phone manually using a security exploit and the dd command, downgrading the ROM/OS, using another security exploit to make the NAND/flash writable, replacing the bootloader via the command line and "dd" again, then installing whatever version of Android you want.  On the other hand, the Galaxy S3 only required installing a custom recovery via ODIN (only a few clicks and turning on the phone with the home and volume buttons pressed) and then installing the unlocked bootloader.

      You have watched Faux News, now lose 2d10 SAN.

      by Throw The Bums Out on Tue Mar 12, 2013 at 08:29:45 PM PDT

      [ Parent ]

      •  Well, or buy a Google Nexus/etc, though I've done (2+ / 0-)
        Recommended by:
        Throw The Bums Out, nightsweat

        the unlock drill on a few phones myself. It's indeed a pain. I did have one older phone (a myTouch variant? I think) where I actually did have to do as you said and dd the goddamn firmware onto the phone over USB serial after hacking the bootloader. :) Some phones are easier than others...

        Thus my suggestion that the folks who would know what's up in Settings/Prefs are really just the folks like you who know how to do that kinda stuff... :) (I guess the folks who'll shell out the extra cash for an unlocked Google phone without the added carrier crap probably fall into that camp too.)

        •  Well I have had to physically disassemble a PSP (2+ / 0-)
          Recommended by:
          holeworm, Justus

          battery and clip one of the pins (it's called a Pandora battery, basically you set the serial number to 0xff by disabling the battery's EEPROM memory) in order to hack it.  I am not running vanilla Android but I am running a custom ROM with the pdroid (permission overrides, and even lets you give apps a random GPS location each time they ask) patch and lots of bloat disabled.  Of course, I blocked updates by renaming otacerts.zip as well.  However, even with a stock version of Android it is still possible to embed spyware into the baseband (radio) firmware.

          Also, checking the permissions means nothing as any system app that runs as root can ignore permissions.  See FakeGPS which can work even without mock locations enabled if you push it to /system/app (which you have to do yourself via adb).  The only way to tell if the carrier installed Amazon will do stuff like that is to decompile it which even I can't do (I am also not very good at soldering, thankfully pretty much everything is softmods nowadays).

          You have watched Faux News, now lose 2d10 SAN.

          by Throw The Bums Out on Tue Mar 12, 2013 at 08:52:54 PM PDT

          [ Parent ]

          •  Hmm, I hadn't seen pdroid/FakeGPS before, have to (2+ / 0-)
            Recommended by:
            Justus, Throw The Bums Out

            look into those... Looks like I need a new ROM for pdroid support, though.

            But FakeGPS is definitely useful; I'm playing with it right now! Too many crappy apps demanding permissions that they don't need... Now I can just easily let them know I'm in Antarctica, at least for location. (Though it looks like it doesn't play well with network/wifi-based location...guess a kernel-level hack is needed for that.)

            Tcpdumping is also quite useful, if you're looking at things like carrier-installed crap. (E.g., use wifi then tcpdump on your router.) I've found carrier-installed junk transmitting data to random locations when tcpdumping my phone's traffic...

            Annoying how much goddamn trouble we have to go to to ensure some minimal privacy, isn't it? (And how nobody really cares until the inevitable occasional security breach or malware pops up...)

            •  If you are using an AOSP/AOKP/Cyanogen (1+ / 0-)
              Recommended by:
              holeworm

              ROM there is an autopatcher that will make them pdroid compatible.  Oh, and while LBE Privacy Guard can do the same thing (though it runs as a service so there is a brief period of time where apps can sneak around it) it is not compatible with Android 3.x/4.x and the English version is no longer being updated.  Oh, and don't forget SetDNS for being able to use your own DNS servers instead of Verizon/ATT/Sprint's (and TitaniumBackup for creating encrypted backups of all your data and apps).

              As for security, are you aware that Sony used the same exact number as the "random number" for generating their PS3 keys which made cracking them a matter of simple algebra?  That's right, the "unbreakable" PS3 laid low by a simple act of stupidity in key generation.

              But yes, isn't it sad that you have to hack into your own computer to get any kind of reasonable security on phones/tablets nowadays?  Note that blackberry has permission revocation/customization built in.  For a while Cyanogenmod did as well but it was removed for "being hostile to advertisers".

              You have watched Faux News, now lose 2d10 SAN.

              by Throw The Bums Out on Tue Mar 12, 2013 at 09:37:05 PM PDT

              [ Parent ]
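              The "simple algebra" behind the PS3 key recovery mentioned above, written out as an added derivation that is not part of the thread. It uses standard ECDSA notation (assumed here, not the poster's): curve order n, private key d, per-signature nonce k, message hash z, and the signature pair (r, s) with r the x-coordinate of kG mod n.

              ```latex
              % Two signatures made with the same nonce k share the same r,
              % because r depends only on k, not on the message:
              s_1 = k^{-1}(z_1 + r d) \pmod n, \qquad s_2 = k^{-1}(z_2 + r d) \pmod n

              % Subtracting removes the unknown private key d:
              s_1 - s_2 = k^{-1}(z_1 - z_2) \pmod n
              \quad\Longrightarrow\quad
              k = (z_1 - z_2)\,(s_1 - s_2)^{-1} \pmod n

              % With k known, either signature gives the private key:
              d = (s_1 k - z_1)\, r^{-1} \pmod n

              % Defender's check: a repeated r across signatures under one key is
              % the observable symptom; per-signature random (or RFC 6979
              % deterministic) nonces make r unique and leave nothing to cancel.
              ```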

              •  I'm paranoid enough to SetDNS and log it all :) (1+ / 0-)
                Recommended by:
                Throw The Bums Out

                Pointed at one of my servers [non-VPS, since I don't even trust the privilege separation on the various virtualization engines, having audited enough of that code in the past...]

                Hmm, it looks like the Cyanogen version I have will work with a pdroid patch. Will have to play with that in the morning!

                Even worse than it being sad that we have to hack our own devices for privacy, we now have to worry about the legalities of doing so of course. :(

                •  Yes, especially software hypervisors that don't (1+ / 0-)
                  Recommended by:
                  holeworm

                  take advantage of hardware virtualization (and thus rely on code scanning) are known for being possible to break out of.  Ever wonder why OS/2 doesn't work on most of them unless they use hardware virtualization extensions?  Oh, and don't think that even using a full hardware emulator like Dosbox or Bochs will save you if someone really knows what they are doing either.  In fact, some people have broken out of the PSP emulator on the Vita to run native Vita code though nothing has been released publicly yet.

                  Of course, any carrier stuff that wanted to be nasty would use its own custom DNS querying code and would send everything encrypted to a generic address like an Amazon AWS server using a nonstandard protocol, most likely UDP based.  I guess you have never heard of TCP/IP over SMS either.

                  You have watched Faux News, now lose 2d10 SAN.

                  by Throw The Bums Out on Tue Mar 12, 2013 at 10:53:39 PM PDT

                  [ Parent ]
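                  Added example (not from either poster) tying together the router-side tcpdump check above and this reply's point that nasty carrier software would bring its own DNS client: it parses `tcpdump -nn` lines captured on the router, flags port-53 queries from the phone that skipped the resolver configured with SetDNS, and ranks where the phone is sending bytes. The phone address, resolver address and capture lines are all constructed.

                  ```python
                  import re
                  from collections import defaultdict

                  # Constructed `tcpdump -nn` lines as seen from a home router while the phone
                  # (assumed address 192.168.1.50) was on wifi; not a real capture.
                  SAMPLE_CAPTURE = """\
                  21:03:11.104421 IP 192.168.1.50.44120 > 192.168.1.1.53: 12345+ A? example.org. (29)
                  21:03:11.201002 IP 192.168.1.50.44121 > 203.0.113.9.53: 23456+ A? stats.example-carrier.net. (43)
                  21:03:11.402310 IP 192.168.1.50.50212 > 198.51.100.77.443: Flags [P.], seq 1:518, ack 1, win 1424, length 517
                  21:03:12.010000 IP 192.168.1.50.50212 > 198.51.100.77.443: Flags [P.], seq 518:1300, ack 10, win 1424, length 782
                  21:03:12.300000 IP 192.168.1.50.39990 > 203.0.113.40.9001: UDP, length 1200
                  21:03:13.000000 IP 192.168.1.50.39990 > 203.0.113.40.9001: UDP, length 1200
                  21:03:13.500000 IP 192.168.1.50.40001 > 192.168.1.1.53: 34567+ A? example.com. (29)
                  """

                  LINE_RE = re.compile(r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
                                       r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$")
                  LEN_RE = re.compile(r"(?:length (\d+)|\((\d+)\))\s*$")   # TCP/UDP 'length N' or DNS '(N)'
                  DNS_RE = re.compile(r"\b(?:A|AAAA)\? (\S+)\.")           # queried name in a DNS line

                  def analyze(capture, phone_ip, resolver_ip):
                      """Return (dns_bypass, bytes_by_dst) for packets sent by phone_ip: port-53 queries
                      that skipped resolver_ip (an app carrying its own DNS client), and payload bytes per
                      "ip:port" so the phone's chattiest destinations can be ranked."""
                      dns_bypass, bytes_by_dst = [], defaultdict(int)
                      for line in capture.splitlines():
                          m = LINE_RE.match(line)
                          if not m or m.group("src") != phone_ip:
                              continue  # only traffic the phone itself originated
                          dst, dport, rest = m.group("dst"), int(m.group("dport")), m.group("rest")
                          lm = LEN_RE.search(rest)
                          if lm:
                              bytes_by_dst[f"{dst}:{dport}"] += int(lm.group(1) or lm.group(2))
                          if dport == 53 and dst != resolver_ip:
                              qm = DNS_RE.search(rest)
                              dns_bypass.append((dst, qm.group(1) if qm else "?"))
                      return dns_bypass, dict(bytes_by_dst)

                  def unexpected_destinations(bytes_by_dst, allowlist, min_bytes=1000):
                      """Destinations outside allowlist that received at least min_bytes, largest first."""
                      return sorted(((d, n) for d, n in bytes_by_dst.items()
                                     if d.split(":")[0] not in allowlist and n >= min_bytes),
                                    key=lambda t: -t[1])

                  if __name__ == "__main__":
                      bypass, by_dst = analyze(SAMPLE_CAPTURE, "192.168.1.50", "192.168.1.1")
                      print("DNS queries that skipped the configured resolver:", bypass)
                      print("Unexpected destinations by bytes sent:", unexpected_destinations(by_dst, {"192.168.1.1"}))
                  ```

                  On a real router the input is `tcpdump -nn -i <lan interface> src host <phone ip>` and the allowlist is whatever the user knowingly uses; anything left over is what to go and inspect.
                  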

                  •  I did TCP over DNS at 30K ft recently for fun :) (1+ / 0-)
                    Recommended by:
                    Throw The Bums Out

                    (Not going into what that actually is, but I'm pretty sure you get the idea! But really, it was just to see if it would still work after all these years. And it did...slowly!)

                    And yeah, the carrier crap is amusingly unhidden. It's not worth their while to obfuscate it over other protocols.

                    I think both of us could think of some truly evil ways to hide that crap...e.g. over anonymous tunneled P2P. I hope the day doesn't come when carriers start doing stuff like that to force customers into using their shitty software...

                    •  Yes I have heard of TCP over DNS, which was (0+ / 0-)

                      sometimes used to get around those for-pay hotspots (because they didn't filter or redirect DNS traffic) before they caught on.  But yes, carriers, just like many other companies, are pretty stupid (remember how easy it was to find the PS3 private keys?).  Of course, they aren't willing to spend thousands if not millions of man hours just for the fame and glory even if it isn't cost effective (see the recent project to decap and scan the chips in the 3DS with an electron microscope) which is what gives our side a huge advantage.

                      You have watched Faux News, now lose 2d10 SAN.

                      by Throw The Bums Out on Tue Mar 12, 2013 at 11:14:27 PM PDT

                      [ Parent ]

            •  Oh, and pdroid doesn't affect internet access (1+ / 0-)
              Recommended by:
              holeworm

              permissions so you need droidwall (interface to iptables) as well.

              You have watched Faux News, now lose 2d10 SAN.

              by Throw The Bums Out on Tue Mar 12, 2013 at 09:44:18 PM PDT

              [ Parent ]

          •  Spooky (0+ / 0-)

            Went to the link for the FakeGPS and in a little green box, it said:

            "This app is compatible with your [Wireless Carrier] [Phone Brand][Model]".

            And I'm not looking at it on that phone.

            Wait, WiFi is turned on, so maybe it got that through the router????

            •  No, it got it from the google market. There is (1+ / 0-)
              Recommended by:
              Justus

              a file on your phone called build.prop that has that information in it.  As different phones have different CPUs and GPUs (graphics cards) some things, especially high end games, may not work with all phones.  Remember, Android is available for ARM (all the way down to ARM v6, kind of like how you had the 386, 486, Pentium, Pentium 2, Pentium 3, Pentium 4, i3, i5, and i7), MIPS, and even x86 like your desktop so anything written using native code rather than just Dalvik (i.e. Java, sort of).  Have you had any luck running any PS3 games on your PC recently?

              You have watched Faux News, now lose 2d10 SAN.

              by Throw The Bums Out on Tue Mar 12, 2013 at 09:40:33 PM PDT

              [ Parent ]

              •  Truly Lucky re: PlayStation (0+ / 0-)

                I've seen ads for it (them?), but never used one.  And I have no idea what an ARM is in this context.

                And I am not likely to study up on it, either, unless I have to.

                •  ARM is a type of CPU designed for mobile/low (1+ / 0-)
                  Recommended by:
                  holeworm

                  power devices which is incompatible with the regular x86 ones in your desktop computer.  As ARM, MIPS, and x86 CPUs are incompatible with each other the software either has to be written using Dalvik (which is write once, run anywhere like Java or Flash) or it has to be rewritten (or at least recompiled) for each one.  Even then sometimes an earlier version of the same one won't be compatible.  Just try running Flash on a Pentium CPU, even a 1GHz Pentium (Xcore86 system on a chip, to be exact) and it won't work because it needs newer instructions not available on Pentium/i586.

                  The Playstation Portable was Sony's attempt to compete with the Nintendo DS (the Vita is also known as the PSP2/Playstation Portable 2), however because it has a pretty powerful CPU it can be modified using custom (hacked) firmware to run emulators.  Also, it is compatible with the PS1 without having to do full CPU emulation (think Virtualbox/Parallels, not Dosbox).  It turned out that early models had a special recovery mode (which is what Sony uses to rescue a "bricked" system) that could be activated with a specially modified battery which could then be used to fully hack the system.  Of course, later on (after the PS3 was hacked) it was discovered how to "sign" your own software (including custom firmware installers) so it can run without any other hacks because the system thinks it is an official game or demo.

                  You have watched Faux News, now lose 2d10 SAN.

                  by Throw The Bums Out on Tue Mar 12, 2013 at 10:47:48 PM PDT

                  [ Parent ]
