On Thursday, 23 April 2015 14:05:29 BST, Oliver Grawert wrote:
> the moment you enable ssh i wouldn't call your phone an unhacked phone
> anymore ;)
> i'm talking about a normally used phone like my mom would use it ...
> without installing a terminal-app, enabling developer mode or ssh ...
> since she doesn't know what that is ;)
> if you alter the low level defaults you should be aware that you also
> alter security abilities ...
You only need the terminal-app installed to achieve all that. Which can be
installed by an attacker in seconds if they have your unlocked phone. As a
geek, I have the terminal-app installed, but I don't have developer mode or
ssh or anything else enabled.
sudo doesn't require a password, and outgoing ssh is available, so it is
fairly trivial to copy the log and upload it somewhere if the phone is
unlocked. Particularly as my phone doesn't have a lock enabled, so there is
no restriction on time.
And, please don't block ssh in the future. If I was going to use it as an
attacker, I could just switch to an http page to upload the data. I don't
see how disabling ssh would provide any additional security. But, as a
geeky user, being able to ssh to maintain my servers at any time or
location is great. That's why I've been using Ubuntu for the past 2 years,
to have the power of a full Linux system on my phone whenever I need it.
--
Mailing list: https://launchpad.net/~ubuntu-phone