Super moderator

Enlightened From Within

Rank: 8Rank: 8

Credits
114473
Device
Mi 5s
Online time
1556 Hours
Send PM

Mi Band 2Mi Plastic In-ear PhonesMi Power Bank 10000MAH Magic CubeMi VRMi MIXUnlock MedalMi HeadphonesMijia VR Play 2Mi Air PurifierMijia Story TellerMi Water PurifierMi WiFiMi Power StripMi BandMi VR HeadsetYi Action CameraMi Yi CameraMi TV 70Mi Selfie StickMi HomeXiaomi 6 LaunchMijia Smart PTZ CameraMijia Qi CycleMi  BunnyMijia Walkie TalkieYeelight Bedside LampMi Bluetooth SpeakerMi WiFi Router MiniMi Notebook AirMi Bluetooth HeadsetXiaomi 7th AnniversaryMarshmallowFlashholicAwesome!MIUI 2016MIUI 8I Love MIUIMIUI Devices ContestMIUI 7Fantastic!Mi 5sMi 4cRedmi Note 3Mi TV4 Million Forum MembersFan Of MIUI IndiaMIUI 6th AnniversaryMIUI Weekly PollUEFA EURO MedalHappy Singles' DayFan Of MIUI RussiaThanksgiving DayRocket to FutureMIUI Fan from MalaysiaMerry ChristmasPokemon Master MedalMIUI SXiaomi 6th Anniversary1900K Forum Members1500K Forum Members1400K Forum MembersOlympics MedalMIUI Fan From Nepal1700K Forum MembersMid-Autumn FestivalMIUI 300 WeeksMIUI Forum App1800K Forum MembersMIUI Fan From MyanmarMIUI Fan From IndonesiaMIUI World TourRooster Year of 2017MIUI Fan From SingaporeHappy DiwaliMi Live MedalFan Of MIUI BangladeshDiwali Fan Of MIUI PolandI Love 2016MIUI Fan from IndiaMIUI Happy Medal5 Million Forum App InstallsHappy Holi MedalSuper SaturdaySuper Thursday3 Million Forum MembersMIUI Philippines Fan MeetupMIUI 50 Million Users1st Anniversary10 Million Forum PostsMIUI Font LoverSuper Sunday1 Million Forum App InstallsHilal Ramadan Xiaomi 5th AnniversaryMIUI 100 Million Users90000 Forum MembersFan Of MIUI Greece300K Forum Members3500K Forum MembersMIUI PFan Of MIUI UkraineWomen's Day MedalSuper WednesdayHappy Valentine's DayMIUI 5th AnniversaryMIUI 7th AnniversaryMIUI 9Camera Filter Guru MedalFan Of MIUI ItalyHappy New YearMIUI Fan from TurkeyMIUI Drawing TalentMIUI Lucky FridaySuper TuesdaySuper MondaySurge S1MIUI 2017Singapore Merlion MedalSuper FridayPuzzle MasterMiPopAlpaca Mi Bunny Summer Mi BunnyI Love Mi BunnyGamer Mi BunnyMIUI ReviewMIUI Android 4.4 KitKatStar Of IconsOTA FeedbackMIUI SuperstarMIUI FB FollowerMIUI Weekly Devices QuizXiaomi 8th AnniversaryBlack SharkMIUI G+ FollowerMIUI Twitter Follower2017 Annual Awards9 Million Forum MembersSurpriseQuick SurveyOreoMIUI Quick DiscussionMIUI Halloween 20178 Million Forum MembersRingtone ExpertNougatStar WarsTechnology GuruForum Contest LoverMaster Of TechnologyWallpaper StarMr. DependableMIUI Ice Bucket ChallengeMi Story TellerStar Of TechnologyUpdates LoverApp StarMIUI ExpertScroll Of Wisdom7 Million Forum MembersHumor MasterMIUI KingMost Popular Forum UserMIUI Medals CollectorMi Lover MedalMIUI FollowerMi Bunny Game Master Android GuruIndia Independence DayYouth PledgeMost Active MIUIerDie-hard MIUI FanAndroid ElfMi TalentPioneer of MIUI English Forum Theme TalentDebate Master25 Million Strong

[Chat] [Tech Discussion #7]Does Missing Security Patches Gets Phone Ready for Hackers?

  [ Promote]
37685 424 |
18:43, Apr-19-2018 | Via mobile
|
|
Go to reply no.
MIUI Tech Discussion.png

Greetings Dear MIUIers & Mi Fans,
     The Security Research Labs, Germany has disclosed that despite of the lots of efforts by Google to direct OEMs to provide Monthly Android Security Patch to all their Android based Smartphones, it is found that most of the smartphone vendors have failed to do so! SRL has looked under the hood of hundreds of Android phones and it has found a troubling new wrinkle: Not only do many Android phone vendors fail to make Monthly Android Security Patches available to their users or delay their release for months; they sometimes also tell users that their phone's firmware is fully up to date, even when they've secretly skipped the patches.


AndroidSecurity-91620751.jpg

     At the Hack in the Box security conference in Amsterdam, researchers Karsten Nohl and Jakob Lell of the firm Security Research Labs plan to present the results of two years of reverse-engineering, hundreds of Android phone's operating system code, painstakingly checking if each device actually contained the security patches indicated in its settings. They found what they call a "patch gap": In many cases, certain vendor's phones would tell users that they had all of Android's security patches up to a certain date, while in reality missing as many as a dozen of patches from that period—leaving phones vulnerable to a broad collection of known hacking techniques.


Screenshot_2018-04-20-10-59-32-917_com.android.settings.png

     "We find that there's a gap between patching claims and the actual patches installed on a device. It’s small for some devices and pretty significant for others," says Nohl, a well-known security researcher and SRL's founder. In the worst cases, Nohl says, Android phone manufacturers intentionally misrepresented when the device had last been patched. "Sometimes smartphone vendors just change the date without installing any patches. Probably for marketing reasons, they just set the patch level to almost an arbitrary date, whatever looks best."

     After averaging out the results of every phone tested for each vendor, SRL labs produced the chart below, which splits vendors into three categories based how faithfully their patching claims matched reality in 2017, focusing only on phones that received at least one patch in October of 2017 or later. Phones from major Android vendors including Xiaomi and Nokia had on average between one and three missing patches, and even major vendors like HTC, Motorola, and LG missed between three and four of the patches they claimed to have installed. But the lowest-performing companies on the list were the Chinese firms TCL and ZTE, all of whose phones had on average more than four patches that they'd claimed to have installed, but hadn't.


patches_table-02.jpg

     SRL also points to chip suppliers as one possible reason for missing patches: While phones with processors from Samsung had very few silently skipped patches, ones that used chips from the Taiwanese firm MediaTek lacked a whopping 9.7 patches on average. That may in some cases be simply because cheaper phones are more likely to skip patches, and also tend to use cheaper chips. But in other cases, it's because bugs are found in the phone's chips rather than in its operating system, and the phone manufacturer depends on the chipmaker to offer a patch. As a result, cheaper phones that source chips from lower-end suppliers inherit those suppliers' missed patches. "The lesson is that if you go for a cheaper device, you end up in a less well maintained part to this ecosystem," Nohl says.


patches_table-03.jpg

     More surprisingly, Nohl agrees with Google's other major point: Hacking Android phones by exploiting their missing patches is far harder than it sounds. Even Android phones that don't have solid patching records still benefit from Android's broader security measures, like address space layout randomization—which since Android 4.0 (Lollipop) has randomized the location of a program in memory to make it harder for malware to exploit other parts of the phone—and sandboxing, which limits a malicious program's access to the rest of the device. That means most hacking techniques, known as exploits, that can gain full control of a target Android phone requires taking advantage of a series of vulnerabilities in a phone's software, not just one missed patch. "Even if you miss certain patches, chances are they’re not aligned in a certain way that allows you to exploit them," Nohl says.


Ransomware_sandbox.width-800.jpg

     Nohl cites the security principle of "defense in depth"—that security is most effectively implemented in multiple layers. And every missed patch is potentially one less layer of protection. "You should never make it any easier for the attacker by leaving open bugs that in your view don’t constitute a risk by themselves, but may be one of the pieces of someone else's puzzle," Nohl says. "Defense in depth means install all the patches.


So, what do you think?

Does Missing Android Security Patches Gets Phone Ready For Hackers?

Special Thanks to our admins @Nanana @candicesu & Mi 5s Subforum Management Team!

Source

Favorite28 Share

Rated by 17 people   Experience Prestige Reason  

Suo_Eno + 2 Agreed!
blackfirefly434 + 10 + 5 Awesome!
rahul_09 + 10 + 5 Awesome!
1805291908 + 1 Awesome!
kryon!! + 10 + 3 Fantastic!
kor555 + 1 <font style="vertical-align: inh
1596225176 + 5 Awesome!
chgbhat + 4 Great!
colaus + 5 Great!
fishstinks + 2 Great!
crossfire25 + 10 + 3 Great!
Katrix + 10 + 5 Awesome!
VikuBalupura + 10 + 5 Fantastic!
Ratpenatt + 5 Well Done !!
abhijitdevnath + 10 + 5 Awesome!
KoHsetGyi + 10 + 3 Awesome!
candicesu + 10 Awesome!

Experience +115  Prestige +34  View Rating Log

Elite Member

Rank: 6Rank: 6

Credits
8439
Device
0
Online time
0 Hours
Send PM

Mijia 360° Panoramic CameraMi BoxUnlock MedalMi Band 2Mi ScaleMagic CubeMi Notebook AirMi TV 70Yi Action CameraMi HomeMijia Walkie TalkieMi Bluetooth HeadsetMIUI Devices ContestMarshmallowFlashholicFantastic!Awesome!I Love MIUIPuzzle MasterMIUI Lucky FridaySuper SundayHappy Singles' Day2 Million Forum MembersMIUI Fan from Turkey1st AnniversaryMIUI Weekly PollMIUI Fan From IndonesiaWomen's Day MedalSuper MondayMIUI Fan From PhilippinesMIUI PMIUI 9MIUI 50 Million UsersMIUI 2017Happy DiwaliHappy New YearMerry ChristmasMIUI Happy MedalDiwali Rocket to FutureMIUI SMIUI 7th AnniversaryGamer Mi BunnyMi Story TellerXiaomi 8th AnniversaryStar WarsMIUI KingQuick SurveyMi TalentMost Active MIUIerDebate MasterMIUI Twitter FollowerApp StarSurprise9 Million Forum MembersMIUI FB Follower2017 Annual AwardsBlack SharkMIUI SuperstarForum Contest Lover8 Million Forum MembersTechnology GuruScroll Of WisdomMIUI Android 4.4 KitKatAndroid Guru7 Million Forum MembersRingtone ExpertMi Lover MedalMIUI Medals CollectorStar Of TechnologyMIUI Quick DiscussionAndroid ElfTheme TalentNougatDie-hard MIUI FanOTA FeedbackMIUI FollowerOreoMIUI Halloween 2017Mr. Dependable

17:02, Apr-20-2018 | From Redmi Note 4X
|
Yes.

Moderator

ကိုဆက်ကြီး

Rank: 7Rank: 7Rank: 7

Credits
41724
Device
Mi 5s
Online time
843 Hours
Send PM

Mi MIXMijia Walkie TalkieMijia Qi CycleMijia Smart PTZ CameraMi ScaleMi VRMi Notebook AirMi  BunnyYi Action CameraMijia VR Play 2Mijia Story TellerMi Bluetooth SpeakerMagic CubeMi Band 2Unlock MedalMijia Electric ScooterMi Power BankMi BandMi TV 70Mi HomeMi HeadphonesMi BoxMi Bluetooth HeadsetXiaomi 6 LaunchXiaomi 7th AnniversaryFantastic!I Love MIUIFlashholicMIUI 8MIUI 2016Awesome!MIUI Devices ContestMarshmallowAnTuTuRedmi Note 4Mi 5sRedmi 3SXiaomi Mi 6Mi 5Redmi ProMi Note4 Million Forum MembersMi 5XMi Note ProPuzzle MasterMIUI Happy Medal100k Forum MembersXiaomi 5th AnniversaryHilal Ramadan 90000 Forum MembersMIUI 6th AnniversaryFan Of MIUI UkraineSuper MondayFan Of MIUI Russia3500K Forum MembersXiaomi 6th Anniversary300K Forum MembersMIUI World TourSuper TuesdayFan Of MIUI AustraliaSuper WednesdayRocket to FutureMIUI 100 Million UsersSuper SaturdayMIUI PMIUI 20 Million UsersMIUI Font LoverHappy DiwaliSuper SundayMIUI Fan From PhilippinesDiwali Fan Of MIUI GreeceMIUI 50 Million Users10 Million Forum Posts1st AnniversaryHappy Valentine's DayMIUI S2 Million Forum MembersHappy Singles' DayMerry ChristmasHappy New YearMIUI Lucky FridayMIUI Fan From IndonesiaFan Of MIUI BangladeshSuper FridaySuper ThursdayRooster Year of 2017MIUI 9500K Forum MembersWomen's Day Medal5 Million Forum App InstallsMIUI Forum AppMIUI 2017MIUI Fan from TurkeyMIUI Fan From MyanmarMIUI 7th AnniversaryMIUI Weekly PollMIUI Philippines Fan MeetupGamer Mi BunnyMiPopSummer Mi BunnyI Love Mi BunnyMIUI ReviewDie-hard MIUI Fan5 Million Forum MembersBlack SharkXiaomi 8th AnniversaryApp StarMIUI Quick Discussion9 Million Forum MembersSurpriseQuick SurveyOreoStar Of TechnologyAndroid GuruForum Contest Lover8 Million Forum MembersNougatMIUI Weekly Devices QuizMIUI FB FollowerTechnology GuruYouth PledgeMIUI Halloween 2017Mr. DependableRingtone Expert25 Million StrongMIUI Android 4.4 KitKatMi Bunny Game Master India Independence DayMIUI G+ FollowerMIUI Twitter Follower6 Million Forum MembersStar Wars7 Million Forum MembersRedmi 5/PlusMi Note 32017 Annual AwardsMi 5XDebate MasterMIUI ExpertMIUI KingOTA FeedbackMIUI SuperstarMi Story TellerMi Lover MedalMaster Of TechnologyAndroid ElfScroll Of WisdomMost Popular Forum UserRedmi Note 5/ProMost Active MIUIerMIUI Medals CollectorTheme TalentMIUI FollowerUpdates LoverPioneer of MIUI English Forum Mi Talent

17:22, Apr-20-2018 | From PC
|
sure. That is why most of users request latest security patch.


Reply to notify me.

Platinum Member

Rank: 4

Credits
3602
Device
Redmi Note 4X
Online time
22 Hours
Send PM

Unlock MedalMijia 360° Panoramic CameraMi Notebook AirYi Action CameraI Love MIUI2 Million Forum MembersMIUI Lucky Friday5 Million Forum App InstallsMIUI Happy Medal10 Million Forum PostsMIUI PSuper MondaySuper SundayMIUI 92017 Annual AwardsQuick SurveyXiaomi 8th AnniversaryDebate MasterMIUI Follower5 Million Forum MembersOreoMIUI Weekly Devices QuizAndroid Guru8 Million Forum MembersOTA FeedbackStar WarsStar Of TechnologyNougatMIUI Quick Discussion

18:04, Apr-20-2018 | From Redmi Note 4X
|
If the question is rhetorical, I'm all in...

Diamond Member

Rank: 5Rank: 5

Credits
1730
Device
0
Online time
0 Hours
Send PM

Yi Action CameraI Love MIUIPuzzle MasterMIUI SRocket to FutureMIUI Happy Medal10 Million Forum Posts5 Million Forum App InstallsMIUI FB FollowerApp StarMIUI Quick Discussion5 Million Forum MembersXiaomi 8th AnniversaryQuick SurveyMIUI Weekly Devices QuizAndroid GuruDebate Master8 Million Forum MembersStar Wars

18:47, Apr-20-2018 | From APP
|
Indeed yes

Platinum Member

Rank: 4

Credits
2507
Device
0
Online time
0 Hours
Send PM

I Love MIUISuper SundayHappy Singles' DayMIUI PPuzzle MasterForum Contest LoverSurpriseMIUI Superstar9 Million Forum MembersNougatMIUI FB FollowerStar WarsMi Lover MedalBlack SharkMIUI Weekly Devices QuizMi Story TellerXiaomi 8th AnniversaryAndroid GuruDebate Master5 Million Forum Members

18:58, Apr-20-2018 | From Redmi 5 Plus
|
indeed yes...

Senior Member

Rank: 2

Credits
177
Device
Redmi 5 Plus
Online time
1 Hours
Send PM

2 Million Forum MembersApp StarStar Wars8 Million Forum MembersMIUI Weekly Devices Quiz

19:16, Apr-20-2018 | From Redmi 5 Plus
|
Thanks

MIUI Beta Team - Global

Rank: 6Rank: 6

Credits
4654
Device
Mi 6
Online time
81 Hours
Send PM

Mi MIXMi BoxUnlock MedalMi ScaleMijia Smart PTZ CameraMi TV 70Mi Notebook AirMi Bluetooth HeadsetMi Kids WatchMIUI Devices ContestMarshmallowAwesome!I Love MIUIFantastic!Redmi Note 4XMi 5sXiaomi Mi 6Happy Valentine's DaySurge S1MIUI Lucky FridayMerry ChristmasDiwali Happy DiwaliHappy New YearMIUI 9MIUI PRocket to FutureMIUI Fan From PhilippinesMIUI 50 Million UsersHappy Singles' DayMIUI 7th AnniversaryMIUI Happy MedalGamer Mi BunnyMiPopMIUI Quick Discussion8 Million Forum MembersMIUI Weekly Devices QuizForum Contest LoverRingtone ExpertDie-hard MIUI FanXiaomi 8th AnniversaryRedmi 5/PlusDebate MasterNougatOreoApp StarMIUI FollowerStar Of Technology2017 Annual AwardsMIUI Twitter Follower6 Million Forum MembersStar WarsMIUI Medals Collector7 Million Forum MembersTheme TalentOTA FeedbackMi A1Technology GuruMi Lover MedalYouth PledgeMr. DependableMIUI Halloween 2017Android Elf

19:30, Apr-20-2018 | From Mi 6
|
Yes...
Please use Reply button or do @arbabseyfola. so I can get a notification and reply faster.

Diamond Member

Rank: 5Rank: 5

Credits
1187
Device
Redmi 5A
Online time
2 Hours
Send PM

Yi Action CameraI Love MIUI2 Million Forum MembersRocket to FutureStar WarsMIUI Quick DiscussionApp StarMIUI FB Follower8 Million Forum MembersXiaomi 8th AnniversaryMIUI Weekly Devices QuizAndroid GuruMIUI KingMi Lover MedalDebate Master

19:40, Apr-20-2018 | From Redmi 5A
|
patch or no patch they will hack and hack - that's all they wanna do...

MIUI Device Team

Credits
680
Device
0
Online time
4 Hours
Send PM

2 Million Forum MembersMIUI Device TeamApp StarMIUI Quick DiscussionSurpriseNougat8 Million Forum MembersMIUI Weekly Devices QuizXiaomi 8th AnniversaryDebate MasterMIUI KingStar Wars

20:12, Apr-20-2018 | From Redmi 3S
|
They will hack whether there is security patch or not.

Credits Management

Quick Reply Top Return to the list