Super moderator

Enlightened From Within

Rank: 8Rank: 8

Credits
118821
Device
Mi 5s
Online time
1627 Hours
Send PM

Mi WiFiYi Action CameraMi BandMi Power StripMi Water PurifierMi Selfie StickMi Yi CameraMi VRMi MIXXiaomi 6 LaunchMi Plastic In-ear PhonesMagic CubeMi TV 70Mijia Story TellerYeelight Bedside LampMi Bluetooth SpeakerMi  BunnyMi WiFi Router MiniMi Notebook AirMi HomeUnlock MedalMi Air PurifierMi Power Bank 10000MAH Mi Band 2Mi HeadphonesMijia VR Play 2Mi VR HeadsetMijia Walkie TalkieMijia Qi CycleMi Bluetooth HeadsetMijia Smart PTZ CameraXiaomi 7th AnniversaryMIUI 2016MIUI 8Fantastic!MIUI Devices ContestAwesome!FlashholicMarshmallowMIUI 7I Love MIUIMi 5sMi TVMi 4cRedmi Note 34 Million Forum Members1st AnniversaryHappy DiwaliFan Of MIUI Bangladesh1800K Forum MembersMi Live MedalDiwali MIUI World TourXiaomi 6th AnniversaryMIUI Weekly PollMIUI 5th AnniversaryFan Of MIUI Poland1900K Forum MembersI Love 2016Camera Filter Guru Medal1400K Forum MembersMIUI Fan From NepalMIUI Fan From MyanmarMIUI Fan from MalaysiaPokemon Master MedalMIUI 50 Million UsersMIUI 100 Million UsersMIUI Fan From SingaporeMIUI SHappy Singles' DayUEFA EURO MedalFan Of MIUI IndiaMIUI 6th AnniversaryMIUI Forum App1700K Forum MembersMIUI PMid-Autumn FestivalMIUI 300 WeeksFan Of MIUI GreeceOlympics MedalMerry Christmas1500K Forum MembersMIUI Fan From IndonesiaSuper WednesdayWomen's Day Medal10 Million Forum Posts3 Million Forum MembersSuper ThursdayPuzzle MasterMIUI 2017Super TuesdaySuper FridaySingapore Merlion MedalSurge S1MIUI Happy MedalFan Of MIUI RussiaSuper SundayMIUI Font Lover3500K Forum Members300K Forum MembersMIUI Philippines Fan MeetupSuper SaturdayHappy Holi MedalMIUI 9MIUI Fan from India5 Million Forum App InstallsFan Of MIUI UkraineSuper MondayMIUI 7th AnniversaryXiaomi 5th AnniversaryMIUI Lucky FridayFan Of MIUI ItalyHilal Ramadan 1 Million Forum App InstallsHappy New YearMIUI Drawing TalentMIUI Fan from TurkeyHappy Valentine's DayThanksgiving DayRocket to FutureRooster Year of 201790000 Forum MembersI Love Mi BunnyAlpaca Mi Bunny Summer Mi BunnyGamer Mi BunnyMiPopMIUI ReviewStar Of IconsQuick Survey9 Million Forum MembersSurpriseOreoMIUI Weekly Devices Quiz10 Million Forum MembersNougatMIUI 8th AnniversaryMost Active MIUIer8 Million Forum MembersMIUI FB FollowerXiaomi 8th AnniversaryPioneer of MIUI English Forum Technology GuruStar WarsMost Popular Forum UserMIUI Halloween 2017MIUI Quick DiscussionMIUI Android 4.4 KitKatTheme TalentBlack Shark2017 Annual AwardsMi Talent25 Million StrongWallpaper StarMaster Of TechnologyIndia Independence DayMi Bunny Game Master Mr. DependableScroll Of WisdomApp StarMIUI ExpertRingtone Expert7 Million Forum MembersHumor MasterOTA FeedbackMIUI KingStar Of TechnologyUpdates LoverMIUI FollowerDie-hard MIUI FanMi Lover MedalAndroid GuruMIUI G+ FollowerYouth PledgeDebate MasterAndroid ElfMIUI Medals CollectorMi Story TellerMIUI Ice Bucket ChallengeMIUI SuperstarForum Contest LoverMIUI Twitter Follower

[Chat] [Tech Discussion #7]Does Missing Security Patches Gets Phone Ready for Hackers?

  [ Promote]
38708 427 |
18:43, Apr-19-2018 | Via mobile
|
|
Go to reply no.
MIUI Tech Discussion.png

Greetings Dear MIUIers & Mi Fans,
     The Security Research Labs, Germany has disclosed that despite of the lots of efforts by Google to direct OEMs to provide Monthly Android Security Patch to all their Android based Smartphones, it is found that most of the smartphone vendors have failed to do so! SRL has looked under the hood of hundreds of Android phones and it has found a troubling new wrinkle: Not only do many Android phone vendors fail to make Monthly Android Security Patches available to their users or delay their release for months; they sometimes also tell users that their phone's firmware is fully up to date, even when they've secretly skipped the patches.


AndroidSecurity-91620751.jpg

     At the Hack in the Box security conference in Amsterdam, researchers Karsten Nohl and Jakob Lell of the firm Security Research Labs plan to present the results of two years of reverse-engineering, hundreds of Android phone's operating system code, painstakingly checking if each device actually contained the security patches indicated in its settings. They found what they call a "patch gap": In many cases, certain vendor's phones would tell users that they had all of Android's security patches up to a certain date, while in reality missing as many as a dozen of patches from that period—leaving phones vulnerable to a broad collection of known hacking techniques.


Screenshot_2018-04-20-10-59-32-917_com.android.settings.png

     "We find that there's a gap between patching claims and the actual patches installed on a device. It’s small for some devices and pretty significant for others," says Nohl, a well-known security researcher and SRL's founder. In the worst cases, Nohl says, Android phone manufacturers intentionally misrepresented when the device had last been patched. "Sometimes smartphone vendors just change the date without installing any patches. Probably for marketing reasons, they just set the patch level to almost an arbitrary date, whatever looks best."

     After averaging out the results of every phone tested for each vendor, SRL labs produced the chart below, which splits vendors into three categories based how faithfully their patching claims matched reality in 2017, focusing only on phones that received at least one patch in October of 2017 or later. Phones from major Android vendors including Xiaomi and Nokia had on average between one and three missing patches, and even major vendors like HTC, Motorola, and LG missed between three and four of the patches they claimed to have installed. But the lowest-performing companies on the list were the Chinese firms TCL and ZTE, all of whose phones had on average more than four patches that they'd claimed to have installed, but hadn't.


patches_table-02.jpg

     SRL also points to chip suppliers as one possible reason for missing patches: While phones with processors from Samsung had very few silently skipped patches, ones that used chips from the Taiwanese firm MediaTek lacked a whopping 9.7 patches on average. That may in some cases be simply because cheaper phones are more likely to skip patches, and also tend to use cheaper chips. But in other cases, it's because bugs are found in the phone's chips rather than in its operating system, and the phone manufacturer depends on the chipmaker to offer a patch. As a result, cheaper phones that source chips from lower-end suppliers inherit those suppliers' missed patches. "The lesson is that if you go for a cheaper device, you end up in a less well maintained part to this ecosystem," Nohl says.


patches_table-03.jpg

     More surprisingly, Nohl agrees with Google's other major point: Hacking Android phones by exploiting their missing patches is far harder than it sounds. Even Android phones that don't have solid patching records still benefit from Android's broader security measures, like address space layout randomization—which since Android 4.0 (Lollipop) has randomized the location of a program in memory to make it harder for malware to exploit other parts of the phone—and sandboxing, which limits a malicious program's access to the rest of the device. That means most hacking techniques, known as exploits, that can gain full control of a target Android phone requires taking advantage of a series of vulnerabilities in a phone's software, not just one missed patch. "Even if you miss certain patches, chances are they’re not aligned in a certain way that allows you to exploit them," Nohl says.


Ransomware_sandbox.width-800.jpg

     Nohl cites the security principle of "defense in depth"—that security is most effectively implemented in multiple layers. And every missed patch is potentially one less layer of protection. "You should never make it any easier for the attacker by leaving open bugs that in your view don’t constitute a risk by themselves, but may be one of the pieces of someone else's puzzle," Nohl says. "Defense in depth means install all the patches.


So, what do you think?

Does Missing Android Security Patches Gets Phone Ready For Hackers?

Special Thanks to our admins @Nanana @candicesu & Mi 5s Subforum Management Team!

Source

Favorite28 Share

Rated by 17 people   Experience Prestige Reason  

Suo_Eno + 2 Agreed!
blackfirefly434 + 10 + 5 Awesome!
rahul_09 + 10 + 5 Awesome!
1805291908 + 1 Awesome!
kryon!! + 10 + 3 Fantastic!
kor555 + 1 <font style="vertical-align: inh
1596225176 + 5 Awesome!
chgbhat + 4 Great!
colaus + 5 Great!
fishstinks + 2 Great!
crossfire25 + 10 + 3 Great!
Katrix + 10 + 5 Awesome!
VikuBalupura + 10 + 5 Fantastic!
Ratpenatt + 5 Well Done !!
abhijitdevnath + 10 + 5 Awesome!
KoHsetGyi + 10 + 3 Awesome!
candicesu + 10 Awesome!

Experience +115  Prestige +34  View Rating Log

Elite Member

Rank: 6Rank: 6

Credits
11006
Device
0
Online time
0 Hours
Send PM

Mi Notebook AirYi Action CameraMi BandMi  BunnyMijia 360° Panoramic CameraMi HomeMijia Walkie TalkieMi Band 2Magic CubeUnlock MedalMijia Smart ShoesMi ScaleNinebot MiniMi WiFi RouterMi Power BankMi TV 70Mi Bluetooth HeadsetMi BoxMi T-ShirtAwesome!I Love MIUIFantastic!MIUI Devices ContestFlashholicMarshmallowSuper MondayXiaomi 6th AnniversaryWomen's Day MedalPuzzle MasterHappy Valentine's DayMIUI Forum AppSuper Sunday1st Anniversary2 Million Forum MembersMIUI Weekly PollSuper SaturdayMIUI Fan from TurkeyHappy Singles' DayMIUI Fan From IndonesiaMIUI Marathon MedalMIUI PMIUI 9MIUI Happy MedalRocket to FutureMIUI 7th AnniversaryDiwali Happy DiwaliMIUI SHappy New YearMerry ChristmasMIUI 50 Million UsersMIUI Fan From PhilippinesMIUI 2017MIUI Lucky FridayMiPopGamer Mi BunnyMr. Dependable25 Million StrongOTA FeedbackMIUI Halloween 2017Theme TalentMIUI FollowerBlack Shark9 Million Forum MembersMIUI Android 4.4 KitKatMost Active MIUIer10 Million Forum Members6 Million Forum MembersTechnology GuruStar Wars2017 Annual AwardsMIUI Medals CollectorMIUI SuperstarMIUI Twitter FollowerMIUI 8th AnniversaryMi Lover MedalApp StarQuick SurveyMi TalentMIUI Quick DiscussionMIUI KingOreoNougatDie-hard MIUI Fan8 Million Forum MembersRingtone ExpertAndroid GuruMi Story TellerStar Of TechnologyMIUI FB FollowerSurpriseForum Contest LoverScroll Of Wisdom7 Million Forum MembersXiaomi 8th AnniversaryDebate MasterAndroid Elf

17:02, Apr-20-2018 | From Redmi Note 4X
|
Yes.

Moderator

ကိုဆက်ကြီး

Rank: 7Rank: 7Rank: 7

Credits
48075
Device
Mi 5s
Online time
988 Hours
Send PM

Unlock MedalMijia Story TellerMi Power BankMi Band 2Mijia Qi CycleMijia Walkie TalkieXiaomi 6 LaunchMijia VR Play 2Mi ScaleMi MIXMi BandMagic CubeMi VRMi BoxMi TV 70Mi HeadphonesMi WiFi RouterNinebot MiniMi Bluetooth HeadsetMi Notebook AirMi Bluetooth SpeakerYi Action CameraMi T-ShirtMijia Electric ScooterMijia Smart PTZ CameraMi HomeMijia Smart ShoesMi  BunnyXiaomi 7th AnniversaryAwesome!MIUI 2016AnTuTuMIUI Devices ContestMIUI 8Fantastic!I Love MIUIMarshmallowFlashholicXiaomi Mi 6Mi 5sMi 5Redmi 3S4 Million Forum MembersRedmi Note 4Mi NoteMi Note ProMi 5XRedmi ProMIUI World TourMIUI PRooster Year of 2017Super MondayFan Of MIUI GreeceMIUI 20 Million UsersSuper TuesdaySuper WednesdayHappy DiwaliMIUI Fan From MyanmarFan Of MIUI UkraineMIUI Forum AppFan Of MIUI Russia3500K Forum MembersMIUI 2017MIUI 50 Million UsersMIUI Happy MedalSuper FridayMIUI Marathon MedalRocket to FutureHappy Valentine's DayXiaomi 6th AnniversaryMIUI 6th Anniversary10 Million Forum PostsHappy New YearMerry Christmas1st AnniversarySuper ThursdaySuper SundayMIUI Font LoverFan Of MIUI IndiaSuper SaturdayWomen's Day Medal300K Forum Members100k Forum Members2 Million Forum MembersMIUI Fan from TurkeyXiaomi 5th AnniversaryFan Of MIUI AustraliaMIUI Lucky FridayMIUI SMIUI Fan From IndonesiaHappy Singles' DayMIUI Weekly PollMIUI 7th AnniversaryFan Of MIUI BangladeshMIUI 100 Million Users500K Forum MembersMIUI Philippines Fan MeetupMIUI 990000 Forum MembersHilal Ramadan 5 Million Forum App InstallsDiwali Puzzle MasterMIUI Fan From PhilippinesGamer Mi BunnySummer Mi BunnyMiPopI Love Mi BunnyMIUI Review8 Million Forum Members10 Million Forum MembersXiaomi 8th AnniversaryMIUI 8th AnniversaryBlack SharkMIUI Quick DiscussionMIUI Weekly Devices Quiz5 Million Forum MembersDie-hard MIUI FanApp StarStar Of TechnologyAndroid GuruMIUI FB Follower9 Million Forum MembersSurpriseOreoNougatQuick SurveyOTA FeedbackYouth PledgeMIUI Halloween 2017Mr. DependableRingtone Expert25 Million StrongMIUI Android 4.4 KitKatMi Bunny Game Master India Independence DayMIUI G+ FollowerMIUI Twitter Follower6 Million Forum MembersStar Wars7 Million Forum MembersRedmi 5/PlusMi Note 32017 Annual AwardsMi 5XForum Contest LoverMIUI ExpertMi Story TellerMIUI KingRedmi Note 5/ProMi Lover MedalScroll Of WisdomDebate MasterMaster Of TechnologyAndroid ElfMIUI SuperstarMost Popular Forum UserTheme TalentMost Active MIUIerMIUI Medals CollectorMIUI FollowerPioneer of MIUI English Forum Technology GuruMi TalentUpdates Lover

17:22, Apr-20-2018 | From PC
|
sure. That is why most of users request latest security patch.



Reply to notify me.

Platinum Member

Rank: 4

Credits
3941
Device
Redmi Note 4X
Online time
23 Hours
Send PM

Unlock MedalMijia 360° Panoramic CameraMi Notebook AirYi Action CameraI Love MIUI2 Million Forum MembersMIUI Lucky Friday5 Million Forum App InstallsMIUI Happy Medal10 Million Forum PostsMIUI PSuper MondaySuper SundayMIUI 92017 Annual AwardsQuick SurveyXiaomi 8th AnniversaryDebate MasterMIUI Follower5 Million Forum MembersOreoMIUI Weekly Devices QuizAndroid Guru8 Million Forum MembersOTA FeedbackStar WarsStar Of TechnologyNougatMIUI Quick Discussion

18:04, Apr-20-2018 | From Redmi Note 4X
|
If the question is rhetorical, I'm all in...

Diamond Member

Rank: 5Rank: 5

Credits
2112
Device
0
Online time
0 Hours
Send PM

Yi Action CameraI Love MIUIPuzzle MasterMIUI SRocket to FutureMIUI Happy Medal10 Million Forum Posts5 Million Forum App InstallsMIUI FB FollowerApp StarMIUI Quick Discussion5 Million Forum MembersXiaomi 8th AnniversaryQuick SurveyMIUI Weekly Devices QuizAndroid GuruDebate Master8 Million Forum MembersStar Wars

18:47, Apr-20-2018 | From APP
|
Indeed yes

MIUI Beta Team - Global

Rank: 6Rank: 6

Credits
6347
Device
0
Online time
0 Hours
Send PM

I Love MIUISuper SundayFan Of MIUI IndiaPuzzle MasterHappy Singles' DayMIUI PMIUI SuperstarForum Contest LoverNougat9 Million Forum MembersMIUI Quick DiscussionMIUI Weekly Devices QuizBlack SharkSurpriseDebate MasterXiaomi 8th AnniversaryMi Story TellerStar WarsAndroid GuruMIUI FB Follower5 Million Forum MembersMi Lover Medal

18:58, Apr-20-2018 | From Redmi 5 Plus
|
indeed yes...

Senior Member

Rank: 2

Credits
187
Device
Redmi 5 Plus
Online time
1 Hours
Send PM

2 Million Forum MembersApp StarStar Wars8 Million Forum MembersMIUI Weekly Devices Quiz

19:16, Apr-20-2018 | From Redmi 5 Plus
|
Thanks

MIUI Beta Team - Global

Rank: 6Rank: 6

Credits
7714
Device
Mi 6
Online time
91 Hours
Send PM

Mijia Smart PTZ CameraUnlock MedalMi MIXMi ScaleMi TV 70Mi Notebook AirMi BoxMijia Smart ShoesMi BandMi Power BankNinebot MiniMi Bluetooth HeadsetMi T-ShirtMi Kids WatchMi HomeMi WiFi RouterAwesome!Fantastic!MarshmallowMIUI Devices ContestI Love MIUIXiaomi Mi 6Redmi Note 4XMi 5sMIUI 7th AnniversaryRocket to FutureDiwali Happy DiwaliMIUI Fan From PhilippinesSuper SaturdayHappy Singles' DaySurge S1MIUI Happy MedalMIUI 9MIUI PHappy New YearMIUI Marathon MedalMIUI SMIUI Lucky FridaySuper MondayHappy Valentine's DayPuzzle MasterMerry ChristmasMIUI 50 Million UsersMiPopGamer Mi BunnyApp Star6 Million Forum Members9 Million Forum MembersMaster Of TechnologyPioneer of MIUI English Forum Star WarsMIUI 8th AnniversaryForum Contest LoverMIUI Medals CollectorMi TalentRedmi S2Mi 810 Million Forum Members7 Million Forum MembersMIUI KingRedmi 5/PlusMIUI Twitter Follower2017 Annual AwardsStar Of TechnologyMi A1MIUI FollowerMi Lover MedalOTA FeedbackMr. DependableMIUI Halloween 2017Youth PledgeTechnology GuruAndroid ElfTheme TalentDie-hard MIUI FanXiaomi 8th AnniversaryDebate MasterOreoNougatRingtone ExpertMIUI Quick DiscussionMIUI Weekly Devices Quiz8 Million Forum Members

19:30, Apr-20-2018 | From Mi 6
|
Yes...
Please use Reply button or do @arbabseyfola. so I can get a notification and reply faster.

Diamond Member

Rank: 5Rank: 5

Credits
1185
Device
Redmi 5A
Online time
2 Hours
Send PM

Yi Action CameraI Love MIUI2 Million Forum MembersRocket to FutureStar WarsMIUI Quick DiscussionApp StarMIUI FB Follower8 Million Forum MembersXiaomi 8th AnniversaryMIUI Weekly Devices QuizAndroid GuruMIUI KingMi Lover MedalDebate Master

19:40, Apr-20-2018 | From Redmi 5A
|
patch or no patch they will hack and hack - that's all they wanna do...

Diamond Member

Rank: 5Rank: 5

Credits
704
Device
0
Online time
4 Hours
Send PM

2 Million Forum MembersMIUI Device TeamApp StarMIUI Quick DiscussionSurpriseNougat8 Million Forum MembersMIUI Weekly Devices QuizXiaomi 8th AnniversaryDebate MasterMIUI KingStar Wars

20:12, Apr-20-2018 | From Redmi 3S
|
They will hack whether there is security patch or not.

Credits Management

Quick Reply Top Return to the list