Super moderator

Enlightened From Within

Rank: 8Rank: 8

Credits
121338
Device
Mi 5s
Online time
1656 Hours
Send PM

Yi Action CameraMi Selfie StickMijia Story TellerMi WiFi Router MiniMi Notebook AirUnlock MedalMi TV 70Mi Power StripMi Water PurifierMijia VR Play 2Mi VRMi VR HeadsetXiaomi 6 LaunchMagic CubeMi MIXMi Yi CameraMi Band 2Mi WiFiMi HeadphonesMi HomeMi Air PurifierMi  BunnyMijia Qi CycleMi BandMi Bluetooth SpeakerMijia Smart PTZ CameraYeelight Bedside LampMi Plastic In-ear PhonesMijia Walkie TalkieMi Power Bank 10000MAH Mi Bluetooth HeadsetXiaomi 7th AnniversaryMarshmallowMIUI 8FlashholicMIUI 7I Love MIUIAwesome!MIUI 2016MIUI Devices ContestFantastic!Redmi Note 3Mi 5s4 Million Forum MembersMi TVMi 4cRocket to FutureXiaomi 6th AnniversaryFan Of MIUI PolandThanksgiving DayMerry ChristmasI Love 2016MIUI Weekly Poll1900K Forum MembersFan Of MIUI Russia1400K Forum MembersMIUI 6th AnniversaryOlympics MedalMIUI Fan From NepalMIUI 300 WeeksUEFA EURO MedalFan Of MIUI IndiaMIUI Fan From MyanmarMIUI Fan from MalaysiaMIUI Fan From SingaporePokemon Master MedalMid-Autumn FestivalMIUI Forum AppFan Of MIUI BangladeshDiwali Happy DiwaliMIUI Fan From IndonesiaMi Live Medal1800K Forum Members1700K Forum Members1500K Forum MembersRooster Year of 2017MIUI World TourMIUI Drawing Talent3500K Forum Members300K Forum MembersFan Of MIUI Ukraine90000 Forum MembersHilal Ramadan Super Sunday1 Million Forum App InstallsMIUI Fan from IndiaMIUI Happy Medal5 Million Forum App InstallsHappy Holi MedalSuper SaturdayXiaomi 5th AnniversaryMIUI Philippines Fan MeetupMIUI P1st AnniversaryFan Of MIUI GreeceMIUI 50 Million UsersMIUI 100 Million UsersMIUI 5th AnniversaryCamera Filter Guru MedalMIUI 9MIUI 7th AnniversaryHappy Singles' DayMIUI SSuper ThursdayMIUI Font LoverSuper MondaySuper FridaySingapore Merlion MedalSurge S1Happy Valentine's DayFan Of MIUI ItalyHappy New YearMIUI Fan from TurkeyMIUI Lucky FridayMIUI 2017Super Tuesday3 Million Forum MembersWomen's Day MedalPuzzle Master10 Million Forum PostsSuper WednesdayMiPopAlpaca Mi Bunny Summer Mi BunnyI Love Mi BunnyGamer Mi BunnyMIUI Review10 Million Forum MembersMIUI FB FollowerHeart to HeartGold Super ModeratorSilver Super ModeratorTechnology GuruStar Wars9 Million Forum MembersXiaomi 8th Anniversary8 Million Forum MembersBlack SharkMIUI Quick DiscussionQuick SurveyNougatOreoStar Of IconsMIUI 8th AnniversaryMIUI Halloween 2017SurpriseMIUI Android 4.4 KitKatMIUI Weekly Devices QuizMIUI KingPioneer of MIUI English Forum Theme TalentMost Active MIUIerMost Popular Forum UserMIUI Ice Bucket ChallengeScroll Of WisdomUpdates LoverMi Bunny Game Master India Independence DayMIUI G+ FollowerMIUI Twitter Follower2017 Annual AwardsMIUI SuperstarOTA Feedback25 Million StrongRingtone ExpertMIUI ExpertHumor MasterDebate MasterAndroid ElfMi TalentDie-hard MIUI FanMIUI FollowerAndroid GuruMi Lover MedalForum Contest LoverMIUI Medals CollectorWallpaper StarApp Star7 Million Forum MembersMaster Of TechnologyMr. DependableMi Story TellerStar Of TechnologyYouth Pledge

[Chat] [Tech Discussion #7]Does Missing Security Patches Gets Phone Ready for Hackers?

  [ Promote]
39100 427 |
18:43, Apr-19-2018 | Via mobile
|
|
Go to reply no.
MIUI Tech Discussion.png

Greetings Dear MIUIers & Mi Fans,
     The Security Research Labs, Germany has disclosed that despite of the lots of efforts by Google to direct OEMs to provide Monthly Android Security Patch to all their Android based Smartphones, it is found that most of the smartphone vendors have failed to do so! SRL has looked under the hood of hundreds of Android phones and it has found a troubling new wrinkle: Not only do many Android phone vendors fail to make Monthly Android Security Patches available to their users or delay their release for months; they sometimes also tell users that their phone's firmware is fully up to date, even when they've secretly skipped the patches.


AndroidSecurity-91620751.jpg

     At the Hack in the Box security conference in Amsterdam, researchers Karsten Nohl and Jakob Lell of the firm Security Research Labs plan to present the results of two years of reverse-engineering, hundreds of Android phone's operating system code, painstakingly checking if each device actually contained the security patches indicated in its settings. They found what they call a "patch gap": In many cases, certain vendor's phones would tell users that they had all of Android's security patches up to a certain date, while in reality missing as many as a dozen of patches from that period—leaving phones vulnerable to a broad collection of known hacking techniques.


Screenshot_2018-04-20-10-59-32-917_com.android.settings.png

     "We find that there's a gap between patching claims and the actual patches installed on a device. It’s small for some devices and pretty significant for others," says Nohl, a well-known security researcher and SRL's founder. In the worst cases, Nohl says, Android phone manufacturers intentionally misrepresented when the device had last been patched. "Sometimes smartphone vendors just change the date without installing any patches. Probably for marketing reasons, they just set the patch level to almost an arbitrary date, whatever looks best."

     After averaging out the results of every phone tested for each vendor, SRL labs produced the chart below, which splits vendors into three categories based how faithfully their patching claims matched reality in 2017, focusing only on phones that received at least one patch in October of 2017 or later. Phones from major Android vendors including Xiaomi and Nokia had on average between one and three missing patches, and even major vendors like HTC, Motorola, and LG missed between three and four of the patches they claimed to have installed. But the lowest-performing companies on the list were the Chinese firms TCL and ZTE, all of whose phones had on average more than four patches that they'd claimed to have installed, but hadn't.


patches_table-02.jpg

     SRL also points to chip suppliers as one possible reason for missing patches: While phones with processors from Samsung had very few silently skipped patches, ones that used chips from the Taiwanese firm MediaTek lacked a whopping 9.7 patches on average. That may in some cases be simply because cheaper phones are more likely to skip patches, and also tend to use cheaper chips. But in other cases, it's because bugs are found in the phone's chips rather than in its operating system, and the phone manufacturer depends on the chipmaker to offer a patch. As a result, cheaper phones that source chips from lower-end suppliers inherit those suppliers' missed patches. "The lesson is that if you go for a cheaper device, you end up in a less well maintained part to this ecosystem," Nohl says.


patches_table-03.jpg

     More surprisingly, Nohl agrees with Google's other major point: Hacking Android phones by exploiting their missing patches is far harder than it sounds. Even Android phones that don't have solid patching records still benefit from Android's broader security measures, like address space layout randomization—which since Android 4.0 (Lollipop) has randomized the location of a program in memory to make it harder for malware to exploit other parts of the phone—and sandboxing, which limits a malicious program's access to the rest of the device. That means most hacking techniques, known as exploits, that can gain full control of a target Android phone requires taking advantage of a series of vulnerabilities in a phone's software, not just one missed patch. "Even if you miss certain patches, chances are they’re not aligned in a certain way that allows you to exploit them," Nohl says.


Ransomware_sandbox.width-800.jpg

     Nohl cites the security principle of "defense in depth"—that security is most effectively implemented in multiple layers. And every missed patch is potentially one less layer of protection. "You should never make it any easier for the attacker by leaving open bugs that in your view don’t constitute a risk by themselves, but may be one of the pieces of someone else's puzzle," Nohl says. "Defense in depth means install all the patches.


So, what do you think?

Does Missing Android Security Patches Gets Phone Ready For Hackers?

Special Thanks to our admins @Nanana @candicesu & Mi 5s Subforum Management Team!

Source

Favorite28 Share

Rated by 17 people   Experience Prestige Reason  

Suo_Eno + 2 Agreed!
blackfirefly434 + 10 + 5 Awesome!
rahul_09 + 10 + 5 Awesome!
1805291908 + 1 Awesome!
kryon!! + 10 + 3 Fantastic!
kor555 + 1 <font style="vertical-align: inh
1596225176 + 5 Awesome!
chgbhat + 4 Great!
colaus + 5 Great!
fishstinks + 2 Great!
crossfire25 + 10 + 3 Great!
Katrix + 10 + 5 Awesome!
VikuBalupura + 10 + 5 Fantastic!
Ratpenatt + 5 Well Done !!
abhijitdevnath + 10 + 5 Awesome!
KoHsetGyi + 10 + 3 Awesome!
candicesu + 10 Awesome!

Experience +115  Prestige +34  View Rating Log

Elite Member

Rank: 6Rank: 6

Credits
12497
Device
0
Online time
0 Hours
Send PM

Mi  BunnyMijia Smart ShoesMi HomeMi T-ShirtMi BandMi ScaleMijia 360° Panoramic CameraUnlock MedalMi Band 2Mi BoxMi Power BankMi TV 70Mijia Walkie TalkieMagic CubeMi Notebook AirYi Action CameraMi Bluetooth HeadsetMi WiFi RouterNinebot MiniMIUI Devices ContestFantastic!I Love MIUIMarshmallowAwesome!FlashholicMIUI Fan From IndonesiaWomen's Day MedalPuzzle MasterMIUI PSuper MondayXiaomi 6th AnniversaryMIUI Forum AppHappy Valentine's DayMIUI World TourMid-Autumn FestivalMIUI Marathon MedalSuper SaturdayHappy Singles' Day2 Million Forum MembersMIUI Fan from Turkey1st AnniversaryMIUI Weekly PollSuper SundayRocket to FutureMIUI 7th AnniversaryMerry ChristmasMIUI 50 Million UsersMIUI Happy MedalDiwali Happy DiwaliMIUI 2017Happy New YearMIUI Fan From PhilippinesMIUI Lucky FridayMIUI 9MIUI SGamer Mi BunnyAlpaca Mi Bunny Summer Mi BunnyMiPopMr. DependableOTA FeedbackMIUI FollowerHumor MasterTheme Talent25 Million StrongMIUI Halloween 2017MIUI 10Scroll Of WisdomMIUI Twitter Follower6 Million Forum Members2017 Annual AwardsMIUI 8th AnniversaryDiscuss Here10 Million Forum MembersMi DropMost Active MIUIerStar WarsForum Contest Lover8 Million Forum MembersDie-hard MIUI FanAndroid ElfNougatOreoRingtone Expert7 Million Forum MembersMIUI Android 4.4 KitKatMIUI Medals CollectorStar Of TechnologyMi Lover MedalMIUI Quick Discussion9 Million Forum MembersQuick SurveyTechnology GuruSurpriseApp StarMIUI SuperstarBlack SharkMi TalentMIUI FB FollowerMi Story TellerMIUI KingXiaomi 8th AnniversaryDebate MasterAndroid Guru

17:02, Apr-20-2018 | From Redmi Note 4X
|
Yes.

Moderator

ကိုဆက်ကြီး

Rank: 7Rank: 7Rank: 7

Credits
50567
Device
Mi 5s
Online time
1023 Hours
Send PM

Mijia VR Play 2Magic CubeMi BandMi VRMi Bluetooth SpeakerMijia Story TellerMijia Smart PTZ CameraMijia Walkie TalkieMijia Qi CycleMi  BunnyXiaomi 6 LaunchMi Band 2Mijia Smart ShoesMi T-ShirtMi WiFi RouterNinebot MiniMi Notebook AirYi Action CameraMijia Electric ScooterMi HomeMi HeadphonesUnlock MedalMi ScaleMi MIXMi BoxMi Power BankMi Bluetooth HeadsetMi TV 70Xiaomi 7th AnniversaryI Love MIUIFantastic!MIUI 8FlashholicAnTuTuMIUI Devices ContestMarshmallowAwesome!MIUI 20164 Million Forum MembersMi 5sMi 5XXiaomi Mi 6Redmi 3SRedmi ProMi NoteRedmi Note 4Mi 5Mi Note ProSuper ThursdaySuper MondayMerry Christmas3500K Forum MembersFan Of MIUI UkraineFan Of MIUI RussiaSuper WednesdayHappy New YearRooster Year of 2017MIUI World TourMIUI 2017Super Friday2 Million Forum MembersHappy Singles' DayMIUI Fan From Indonesia5 Million Forum App InstallsMIUI S1st AnniversaryMid-Autumn FestivalMIUI Marathon MedalHappy Valentine's DayFan Of MIUI IndiaWomen's Day MedalMIUI Fan From Myanmar300K Forum Members10 Million Forum PostsSuper SaturdayMIUI Font LoverMIUI Happy MedalRocket to FutureMIUI Forum AppXiaomi 6th AnniversaryMIUI 6th AnniversarySuper SundaySuper TuesdayMIUI Fan from Turkey100k Forum MembersMIUI Lucky FridayHilal Ramadan 90000 Forum MembersMIUI Fan From PhilippinesPuzzle MasterFan Of MIUI GreeceMIUI Philippines Fan MeetupMIUI 7th AnniversaryMIUI Weekly PollMIUI 20 Million UsersFan Of MIUI BangladeshMIUI 100 Million UsersMIUI 9500K Forum MembersMIUI PXiaomi 5th AnniversaryHappy DiwaliMIUI 50 Million UsersFan Of MIUI AustraliaDiwali MiPopSummer Mi BunnyGamer Mi BunnyI Love Mi BunnyMIUI ReviewOreoYouth PledgeRedmi 5/Plus9 Million Forum Members10 Million Forum MembersHeart to HeartNougat25 Million Strong8 Million Forum MembersMIUI Weekly Devices QuizStar WarsQuick SurveyMIUI 105 Million Forum MembersBlack SharkRingtone ExpertApp StarMIUI Quick Discussion7 Million Forum MembersSurpriseMIUI 8th Anniversary6 Million Forum MembersXiaomi 8th AnniversaryMr. DependableDiscuss HereMIUI Android 4.4 KitKatAndroid ElfScroll Of WisdomMi Lover MedalMaster Of TechnologyMIUI Twitter FollowerPioneer of MIUI English Forum Debate MasterMIUI Halloween 2017Updates LoverMost Popular Forum UserMIUI SuperstarRedmi Note 5/ProMIUI KingMIUI G+ FollowerMi Story TellerTechnology GuruIndia Independence DayMIUI FollowerMi Note 3MIUI FB FollowerOTA FeedbackAndroid GuruMi Bunny Game Master Die-hard MIUI FanStar Of TechnologyMIUI ExpertMi TalentMIUI Medals CollectorMost Active MIUIer2017 Annual AwardsMi 5XTheme TalentForum Contest Lover

17:22, Apr-20-2018 | From PC
|
sure. That is why most of users request latest security patch.



Reply to notify me.

Platinum Member

Rank: 4

Credits
4168
Device
Redmi Note 4X
Online time
23 Hours
Send PM

Unlock MedalMijia 360° Panoramic CameraMi Notebook AirYi Action CameraI Love MIUI2 Million Forum Members10 Million Forum PostsMIUI Lucky FridayMIUI Happy Medal5 Million Forum App InstallsMIUI 9MIUI PSuper SundaySuper Monday6 Million Forum Members2017 Annual AwardsDebate Master5 Million Forum MembersQuick SurveyHumor MasterXiaomi 8th AnniversaryMIUI Quick DiscussionMIUI Weekly Devices QuizAndroid Guru8 Million Forum MembersOTA FeedbackStar WarsStar Of TechnologyOreoNougatMIUI Follower

18:04, Apr-20-2018 | From Redmi Note 4X
|
If the question is rhetorical, I'm all in...

Platinum Member

Rank: 4

Credits
2154
Device
0
Online time
0 Hours
Send PM

Yi Action CameraI Love MIUIPuzzle MasterMIUI SRocket to FutureMIUI Happy Medal10 Million Forum Posts5 Million Forum App InstallsMIUI FB FollowerApp StarMIUI Quick Discussion5 Million Forum MembersXiaomi 8th AnniversaryQuick SurveyMIUI Weekly Devices QuizAndroid GuruDebate Master8 Million Forum MembersStar Wars

18:47, Apr-20-2018 | From APP
|
Indeed yes

Elite Member

Rank: 6Rank: 6

Credits
7027
Device
0
Online time
0 Hours
Send PM

I Love MIUISuper SundayFan Of MIUI IndiaPuzzle MasterHappy Singles' DayMIUI PMIUI SuperstarForum Contest LoverNougat9 Million Forum MembersMIUI Quick DiscussionMIUI Weekly Devices QuizBlack SharkSurpriseDebate MasterXiaomi 8th AnniversaryMi Story TellerStar WarsAndroid GuruMIUI FB Follower5 Million Forum MembersMi Lover Medal

18:58, Apr-20-2018 | From Redmi 5 Plus
|
indeed yes...

Senior Member

Rank: 2

Credits
196
Device
Redmi 5 Plus
Online time
1 Hours
Send PM

2 Million Forum MembersApp StarStar Wars8 Million Forum MembersMIUI Weekly Devices Quiz

19:16, Apr-20-2018 | From Redmi 5 Plus
|
Thanks

MIUI Beta Team - Global

Rank: 6Rank: 6

Credits
138260
Device
Mi 6
Online time
96 Hours
Send PM

Ninebot MiniMi BandMi ScaleMijia Smart ShoesMi TV 70Mi MIXMi HomeMi BoxMi Notebook AirMijia Smart PTZ CameraMi Bluetooth HeadsetMi T-ShirtNinety Degree LuggageMi Power BankMi WiFi RouterMi Kids WatchUnlock MedalI Love MIUIAwesome!MarshmallowFantastic!MIUI Devices ContestXiaomi Mi 6Mi 5sRedmi Note 4XRocket to FutureSurge S1Diwali Happy DiwaliMIUI Fan From PhilippinesHappy Singles' DayHappy Valentine's DayMIUI World TourMIUI PMIUI SMIUI 7th AnniversaryMIUI 9MIUI Lucky FridayMIUI Happy MedalSuper SaturdayMIUI 50 Million UsersMIUI Marathon MedalHappy New YearPuzzle MasterSuper MondayMerry ChristmasGamer Mi BunnyMiPopPioneer of MIUI English Forum 9 Million Forum MembersMIUI KingMi 8Scroll Of WisdomSurpriseMIUI 10Master Of TechnologyMi TalentRedmi S2MIUI 8th AnniversaryApp Star10 Million Forum MembersTechnology GuruOTA FeedbackTheme TalentMr. DependableMIUI Halloween 2017Youth PledgeMIUI Twitter Follower2017 Annual Awards7 Million Forum MembersMIUI Medals CollectorStar Wars6 Million Forum MembersStar Of TechnologyMi Lover MedalMIUI FollowerDie-hard MIUI FanRedmi 5/PlusXiaomi 8th AnniversaryDebate Master8 Million Forum MembersOreoNougatAndroid ElfMi A1Ringtone ExpertMIUI Quick DiscussionMIUI Weekly Devices QuizForum Contest Lover

19:30, Apr-20-2018 | From Mi 6
|
Yes...
Please use Reply button or do @arbabseyfola. so I can get a notification and reply faster.

Diamond Member

Rank: 5Rank: 5

Credits
1185
Device
Redmi 5A
Online time
2 Hours
Send PM

Yi Action CameraI Love MIUI2 Million Forum MembersRocket to FutureStar WarsMIUI Quick DiscussionApp StarMIUI FB Follower8 Million Forum MembersXiaomi 8th AnniversaryMIUI Weekly Devices QuizAndroid GuruMIUI KingMi Lover MedalDebate Master

19:40, Apr-20-2018 | From Redmi 5A
|
patch or no patch they will hack and hack - that's all they wanna do...

Diamond Member

Rank: 5Rank: 5

Credits
704
Device
0
Online time
4 Hours
Send PM

2 Million Forum MembersMIUI Device TeamApp StarMIUI Quick DiscussionSurpriseNougat8 Million Forum MembersMIUI Weekly Devices QuizXiaomi 8th AnniversaryDebate MasterMIUI KingStar Wars

20:12, Apr-20-2018 | From Redmi 3S
|
They will hack whether there is security patch or not.

Credits Management

Quick Reply Top Return to the list