EFF Regulatives for "jailbreakin" - Nexus One Q&A, Help & Troubleshooting

www.eff.org/issues/dmca-rulemaking
Now how can Google/HTC justify legality of avoiding warranty by unlocking our devices......

Very easily - there are no regulations. This is a proposal - which also wasn't accepted, if I read correctly.
Moreover, quoting:
"Another proposal requests a DMCA exemption for cell phone "jailbreaking" -- liberating iPhones and other handsets to run applications from sources other than those approved by the phone maker".
Where do you see anything about warranty? Android's equivalent of "jailbreaking" is going into "Settings/Applications" and selecting a checkbox. Nobody talks about warranty anywhere.

I don't quite agree. This is a clarification. That removing DRM protection is OK.
I know that it does not directly give attention to anything other than DRM, which in itself is positive. BUT it recognizes the legality of modifying our phones and I would say this is a step forward.
I guess it will not go without a fight....

Gotta love how people manage to read what they want to read...
Quoting:
"In 2003, EFF filed for four exemptions, all seeking to allow consumers to repair DRM-crippled CDs and DVDs. All four exemptions were denied."
"In 2009, EFF is seeking three exemptions: One to allow video remixing, and two to allow cell phone unlocking."
Let me explain something. DRM protection is stated in LAWS (which vary from country to country, BTW). Laws are made by GOVERNMENTS. EFF is NO GOVERNMENT, it CAN'T CHANGE LAWS, it CAN'T CREATE LAWS, it CAN'T REMOVE LAWS.
Specifically in this case - it ASKED for several exemptions to be made, and they were DENIED. How do you deduce anything of what you wrote here from what you read?
And again, how is that about warranty at all? The warranty isn't void because you install non-certified applications on the phone, or "bypass" DRM. Nobody prevents you from doing that. The warranty is void if you deliberately choose to alter the firmware of the phone - for obvious reasons, which aren't connected to DRM in any way.
On a side note - you might as well be grateful that it is made this way. GPL v2, under which Linux and this phone's FW reside, states that you have to release the software that falls under it, but in no place it says anything about protection mechanisms, and if the platform wasn't designed for tinkering with - you might very well have been stuck with ROMs that you can't flash with anything but provider-signed ROMs with keys that you couldn't have, and it would still be perfectly legal.

A more comprehensive decision from Library of Congress
https://www.eff.org/files/filenode/dmca_2009/RM-2008-8.pdf
A big document, but overall, the conclusion is that circumventing DRM is OK as long as other copyright infringements are not violated.
As for the copyright issue. As you stated Android is GPL, so, as we know, we can't distribute or even change HTC/Google copyrighted material. However, this is not the case for unlocking, jailbreaking etc.
I rest my case
Final Regulations
For the reasons set forth in the preamble, 37 CFR part 201 is amended as
follows:
Part 201 - GENERAL PROVISIONS
1. The authority citation for part 201 continues to read as follows:
Authority: 17 U.S.C. 702
2. Section 201.40 is amended by revising paragraph (b) to read as follows:
201.40 Exemption to prohibition against circumvention.
(b) Classes of copyrighted works. Pursuant to the authority set forth in 17
U.S.C. 1201(a)(1)(C) and (D), and upon the recommendation of the Register of
Copyrights, the Librarian has determined that the prohibition against
circumvention of technological measures that effectively control access to
copyrighted works set forth in 17 U.S.C. 1201(a)(1)(A) shall not apply to
persons who engage in noninfringing uses of the following five classes of
copyrighted works:
(1) Motion pictures on DVDs that are lawfully made and acquired and that are
protected by the Content Scrambling System when circumvention is accomplished
solely in order to accomplish the incorporation of short portions of motion
pictures into new works for the purpose of criticism or comment, and where the
person engaging in circumvention believes and has reasonable grounds for
believing that circumvention is necessary to fulfill the purpose of the use in
the following instances:
(i) Educational uses by college and university professors and by college and
university film and media studies students;
(ii) Documentary filmmaking;
(iii) Noncommercial videos.
(2) Computer programs that enable wireless telephone handsets to execute software
applications, where circumvention is accomplished for the sole purpose of
enabling interoperability of such applications, when they have been lawfully
obtained, with computer programs on the telephone handset.
(3) Computer programs, in the form of firmware or software, that enable used
wireless telephone handsets to connect to a wireless telecommunications network,
when circumvention is initiated by the owner of the copy of the computer program
solely in order to connect to a wireless telecommunications network and access
to the network is authorized by the operator of the network.
(4) Video games accessible on personal computers and protected by technological
protection measures that control access to lawfully obtained works, when
circumvention is accomplished solely for the purpose of good faith testing for,
investigating, or correcting security flaws or vulnerabilities, if:
(i) The information derived from the security testing is used primarily to
promote the security of the owner or operator of a computer, computer system, or
computer network; and
(ii) The information derived from the security testing is used or maintained in a
manner that does not facilitate copyright infringement or a violation of
applicable law.
(5) Computer programs protected by dongles that prevent access due to malfunction
or damage and which are obsolete. A dongle shall be considered obsolete if it is
no longer manufactured or if a replacement or repair is no longer reasonably
available in the commercial marketplace.
(6) Literary works distributed in ebook format when all existing ebook editions
of the work (including digital text editions made available by authorized
entities) contain access controls that prevent the enabling either of the
book’s read-aloud function or of screen readers that render the text into a
specialized format.
Dated: July 20, 2010
James H. Billington,
The Librarian of Congress.

Excellent, but looks like your case is worth nothing. Here's a quick summary:
You can legally SIM-unlock the phone under Exemption 3. Oh, wait, if there is a SIM-locked Android handset - that definitely won't be Nexus. Useless.
You can run legally obtained SW not provided by your Market / cellular provider / other predefined "allowed" entity, that wouldn't install on your phone otherwise, under Exemption 2. Oh great, that's what the "Unknown sources" checkbox in Application Settings stands for. Again, useless.
All the other DRM in question are completely irrelevant, from CSS which is circumvented since years ago to obsolete dongles.
Now, again, what would be your argument connecting this and warranty?

Look, all I am saying is it is my opinion this is at least a step in the right direction.
I get all of your points, and they are all valid. I also agree on your statement for specific country laws. However, lots of countries are following directions set by US laws and regulations.
We will see what this brings for the future.
Jack_R1 said:
Excellent, but looks like your case is worth nothing. Here's a quick summary:
You can legally SIM-unlock the phone under Exemption 3. Oh, wait, if there is a SIM-locked Android handset - that definitely won't be Nexus. Useless.
You can run legally obtained SW not provided by your Market / cellular provider / other predefined "allowed" entity, that wouldn't install on your phone otherwise, under Exemption 2. Oh great, that's what the "Unknown sources" checkbox in Application Settings stands for. Again, useless.
All the other DRM in question are completely irrelevant, from CSS which is circumvented since years ago to obsolete dongles.
Now, again, what would be your argument connecting this and warranty?

Related

[Q] Airport Security Apps?

Good day all,
With all the hubbub about airport security screening your phone I'm interested in an 'airport app'. Namely, as opposed to full encryption (meh good if needed, but I don't really want to trade battery life for security) or the hassle of backing up an image, flashing a virgin phone image for travel, and then restoring the image after travel..
Why not create a 'sandbox' app of sorts. Start it, it simulates virgin or near virgin status, have an advanced unlock sequence to close it. The only issue, I see, would be if the phone was restarted while in 'airport mode' could it be triggered to restart in said mode.
After typing out my whole idea, I'm thinking the backup and flash of virgin rom might be a lot simpler. But I'm interested if any other world travelers, or US travelers would be interested in something like this.
So I guess the question is, anyone else thought about this, anyone know of something similar out already? Anyone want to develop something like this?
~HattZ
Screening in X-rays? What does it have to do with anything?
Or some other screening (don't believe it's technically possible - too many phones)? Can you point to your info source?
I don't understand the point of this, it is not like they take your phone and play with it when you go through security. In fact, mine has never been removed from my carry on when passing through security.
Maybe you have some evidence to support your theory that our phones' data is at risk when passing through security checkpoints... but I doubt it.
Are you in the US? 'cause 1) that never happened, and 2) that would be illegal (to search the content of your phone), unless they had reasonable suspicion that your phone contained data that showed evidence of criminal activity.
They might 'touch' some phones to make sure they are real (as in really work vs being a bomb or something), but they wouldn't search the content of your phone.
pconwell said:
Are you in the US? 'cause 1) that never happened, and 2) that would be illegal (to search the content of your phone), unless they had reasonable suspicion that your phone contained data that showed evidence of criminal activity.
They might 'touch' some phones to make sure they are real (as in really work vs being a bomb or something), but they wouldn't search the content of your phone.
Sorry, wrong answer, it is the US, most national travel is not submitted to this type of search. All international (incoming) travel can be.
Lots of interesting talk on it: http://yro.slashdot.org/story/10/11...r-Moxie-Marlinspikes-Laptop-Cellphones-Seized
Legal explanation: http://caselaw.lp.findlaw.com/data/constitution/amendment04/04.html
pertinent excerpt: "Border Searches .--''That searches made at the border, pursuant to the longstanding right of the sovereign to protect itself by stopping and examining persons and property crossing into this country, are reasonable simply by virtue of the fact that they occur at the border, should, by now, require no extended demonstration.'' 87 Authorized by the First Congress, 88 the customs search in these circumstances requires no warrant, no probable cause, not even the showing of some degree of suspicion that accompanies even investigatory stops."
A Google search for "international travel us border checking laptops and phones" gives about a million other examples, I'll throw a few below.
from Feb 12, 2008 (this isn't a new phenomenon, just getting more press)
http://www.pcworld.com/article/142429/five_things_to_know_about_us_border_laptop_searches.html
from 21 September 2009
http://www.mondaq.com/unitedstates/article.asp?articleid=86010
Don't like it? neither do I.
http://www.aclunc.org/issues/technology/blog/checking_your_privacy_at_the_border.shtml
ACLU excerpt (it's liberal, and slanted but a valid presentation of the worst case scenario): "Originally announced in July 2008, the current policy permits border agents to search electronic devices “absent individualized suspicion.” Agents may hold on to devices “for a reasonable period of time” to “review and analyze information.” In other words, border agents are legally able to take travelers’ information whenever they want at security checkpoints at airports or along the border, and hold on to it for as long as they want. Agents may also copy information and send it off-site to be analyzed. The policy applies to all electronic devices, including computers, disks, hard drives, cell phones and cameras. Travelers have to be concerned about more than the possibility of security agents rifling through their belongings. Their private data might be compromised, erased, or kept indefinitely, and they don’t know how that data might be used."
Best I can say is nandroid + ext backup to your home computer, wipe phone before coming back into country, then recovery nandroid once you're back at home.
MaximReapage said:
Best I can say is nandroid + ext backup to your home computer, wipe phone before coming back into country, then recovery nandroid once you're back at home.
Yeah, sorta realized that or something similar would be the most efficient. I'm thinking even a step lazier, nandroid backup to SD, restore a stock rom / clear sim card, remove SD, maybe even backup to laptop (truecrypt FDE - custom error message at boot saying master boot record is corrupt)
walk out of security, pop in SD, start nandroid restore...
sigh.. a sandbox app would be sorta fun though.
If they have a right to detain your laptop, clone your HD and you have to submit all your passwords - it's kinda useless to try and protect the data somewhere on the computer, and it's better just to back it up on microSD hidden in the suitcase - no way it'll be detained.
Definitely keep a copy of it on your computer at home, though.
airplanemode anyone?
Or turn off your phone.
I know what will make it a quick transition through airport security when flying international..
Put some heavy encryption on my phone, obfuscate my data, and then pass it off with a flimsy cover program to make it look like there is nothing there. That way if they do find it, it's GITMO TIME.
Jack_R1 said:
If they have a right to detain your laptop, clone your HD and you have to submit all your passwords - it's kinda useless to try and protect the data somewhere on the computer, and it's better just to back it up on microSD hidden in the suitcase - no way it'll be detained.
meh, at the lower tier of airport security a custom boot message from a full disk encrypted truecrypt volume. "please insert windows disk" "cannot find master boot record" or similar.. and a sob story about how your laptop stopped working on vacation and when you get home you have a friend that you hope can fix it..
gets by most, it's not NSA at every checkpoint. it's just over min wage, uneducated, folks..
so backing it up to laptop, and tossing micro SD card in the bottom of a bag or in a jacket pocket.. will work just fine.

[Q] Security question: Phones and Intelligence Firm Visits

*Assume the phone in question is rooted and s-off*
Scenario: A person is invited to the HQ of a very successful and prominent intelligence firm by one of the highest ranking advisors in the firm. The purpose of the invite is unknown to this person, although it isn’t a place like Google so they aren’t exactly in the business of just giving out tours for friends. It’s possible that lucrative employment may be an option. Assume that buying a prepaid phone for the visit is not an option, and that the phone does not leave the custody of the person at any time during the visit.
Question: Is it possible to push anything to the phone (a program or script for example) which would survive a complete wipe followed by a nandroid restore (backed up before the visit takes place) when only the following is enabled (no NFC, Bluetooth, or Wifi):
-Data/radio
-Radio
-Airplane mode
Thank you very much for your time on this.
prospect7 said:
*Assume the phone in question is rooted and s-off*
Scenario: A person is invited to the HQ of a very successful and prominent intelligence firm by one of the highest ranking advisors in the firm. The purpose of the invite is unknown to this person, although it isn’t a place like Google so they aren’t exactly in the business of just giving out tours for friends. It’s possible that lucrative employment may be an option. Assume that buying a prepaid phone for the visit is not an option, and that the phone does not leave the custody of the person at any time during the visit.
Question: Is it possible to push anything to the phone (a program or script for example) which would survive a complete wipe followed by a nandroid restore (backed up before the visit takes place) when only the following is enabled (no NFC, Bluetooth, or Wifi):
-Data/radio
-Radio
-Airplane mode
Thank you very much for your time on this.
Lol this is a little paranoid imo but also very interesting. How could your radio and data be enabled with airplane mode at the same time? I would also say that this isn't specifically related to the HTC ONE but more related to Android in general. Maybe you should ask your special question here
Yes, it is possible. They put up a rogue cell site, your phone connects to it, and they are in control of any data sent / received to the device.
cschmitt said:
Yes, it is possible. They put up a rogue cell site, your phone connects to it, and they are in control of any data sent / received to the device.
How will the device connect to that rogue cell site with airplane mode activated?
I love that poem mate! :good: in your signature lol ''Ode to the Noob''
Thanks, both of you, I'll post this to the forum you mentioned, alray.
Paranoid yes, but if you've followed the intelligence community closely, it's not so much paranoia as precaution. Trust me, I won't go blame it on aliens, hahaha.
To answer your question, alray: Information has been made public to show that hardware level surveillance is possible on electronic devices and there are devices used to do this. Granted, it's rare, but I figured I'd leave it open ended to see if someone knew something I didn't.

Can't go past the "Verifying your account" [URGENT - I'M CAUGHT IN CHINA]

Hi there,
After the advice of John on this thread
https://groups.google.com/a/googlep...forums.com?utm_medium=email&utm_source=footer
I finally got past the boot loop after another attempt. I am travelling in China and this country is so beautiful that I could not stand living without a camera. So I simply tried again and it worked. (I have a software VPN that helps to reach the Google servers).
So I have set up a hosted network on my Windows 10 device with the VPN on it and went ahead with the install.
It went all fine (a bit longer as the packets have to transit via San Francisco hardware VPN hosted by VPN Express) however once I'm on the "Verifying your account" page, I enter my email and it grays out in the wait of completion but it rolls and rolls, it never ends.
I have searched on Google search engine about documentation to fix that quick and I ended in an ocean of people running around like headless chickens, snake oil dealers etc etc. So what's all these hurdles about this FRP thing???
I am scared.
I am in China and my phone helps me to get around.
It's now a useless paper weight.
What if I end up in a trap because I asked some people for my way and I get hurt? Am I allowed to blame the new fancy "security" policies?
PLEASE HELP ME FAST - I NEED URGENT ASSISTANCE - I will be refreshing my email every 30mns from now.
vonz33 said:
Hi there,
After the advice of John on this thread
https://groups.google.com/a/googlep...forums.com?utm_medium=email&utm_source=footer
I finally got past the boot loop after another attempt. I am travelling in China and this country is so beautiful that I could not stand living without a camera. So I simply tried again and it worked. (I have a software VPN that helps to reach the Google servers).
So I have set up a hosted network on my Windows 10 device with the VPN on it and went ahead with the install.
It went all fine (a bit longer as the packets have to transit via San Francisco hardware VPN hosted by VPN Express) however once I'm on the "Verifying your account" page, I enter my email and it grays out in the wait of completion but it rolls and rolls, it never ends.
I have searched on Google search engine about documentation to fix that quick and I ended in an ocean of people running around like headless chickens, snake oil dealers etc etc. So what's all these hurdles about this FRP thing???
I am scared.
I am in China and my phone helps me to get around.
It's now a useless paper weight.
What if I end up in a trap because I asked some people for my way and I get hurt? Am I allowed to blame the new fancy "security" policies?
PLEASE HELP ME FAST - I NEED URGENT ASSISTANCE - I will be refreshing my email every 30mns from now.
There are a few options you can take (if you have an unlocked bootloader). The quickest would be to simply delete the SetupWizard apk from TWRP.
Another option is to download and flash a ROM without Google Apps (make sure to download the camera apk of your choice- whether it be Snap or Google Camera).
Finally, you could try another VPN service (or server).
Go to a country that allows Google services to be used, or simply be patient as the VPN is apparently the problem. Your last two questions are likely rhetorical, but if you end up in a trap and get hurt it's your fault, not Google's. So no, you can't blame them for their Factory Reset Protection.
The "issue" with FRP is a simple one. It requires knowing the last Google account used and its password. This affects two different groups of people: those with "burner" accounts, and resellers.
In the case of the burner accounts people create a Google account with a password and don't bother to remember it because they don't want to give any information to Google. Then when they have to reset their devices for whatever reason FRP kicks in and they're screwed. Since they don't know the Google account or password they can't get back into the device.
The resellers purchase used devices and try to move them. However the person selling the device often does not clear out the account information from the device or does not remove the device from their account. When the device is sold the new owner attempts to enter their information and gets tripped up by FRP as they don't have the last Google account and its password.
"Burner" accounts are a pathway to disaster. Resellers are a bit more careful, and instances of FRP on a used device from a reseller have gone down.
negusp said:
There are a few options you can take (if you have an unlocked bootloader). The quickest would be to simply delete the SetupWizard apk from TWRP.
Another option is to download and flash a ROM without Google Apps (make sure to download the camera apk of your choice- whether it be Snap or Google Camera).
Finally, you could try another VPN service (or server).
Thanks for these options!
Yes, good old TWRP... Good option however since the phone is not rooted it would require a way to root it via fastboot flash, and also a way to push TWRP the same way.
I would perhaps rather downgrade to 6.0 or even 5.0 to see if I get lucky.
I could also buy a new phone here but the pricings are rather prohibitive and the models they have would be of no use outside of China.
I have tried mucking around with other VPNs today, it allowed me to go one or 2 steps further but the procedure finally s+++t itself in the end.
I should be in Vietnam tomorrow so hopefully the local telecom towers will allow me to finish my install....
I have no idea how I'm going to tell the taxi driver that I need to go to the train station without a portable system like an android phone, time is a bit short to chase down a paper dictionary.
If you still have some more leads on your TWRP methods that would solve this, please post ahead. I have no guarantees that Vietnam will solve this at this point in time.
Cheers mate.
Strephon Alkhalikoi said:
Go to a country that allows Google services to be used, or simply be patient as the VPN is apparently the problem. Your last two questions are likely rhetorical, but if you end up in a trap and get hurt it's your fault, not Google's. So no, you can't blame them for their Factory Reset Protection.
The "issue" with FRP is a simple one. It requires knowing the last Google account used and its password. This affects two different groups of people: those with "burner" accounts, and resellers.
In the case of the burner accounts people create a Google account with a password and don't bother to remember it because they don't want to give any information to Google. Then when they have to reset their devices for whatever reason FRP kicks in and they're screwed. Since they don't know the Google account or password they can't get back into the device.
The resellers purchase used devices and try to move them. However the person selling the device often does not clear out the account information from the device or does not remove the device from their account. When the device is sold the new owner attempts to enter their information and gets tripped up by FRP as they don't have the last Google account and its password.
"Burner" accounts are a pathway to disaster. Resellers are a bit more careful, and instances of FRP on a used device from a reseller have gone down.
Not Google's fault? Let's unpack this one... I am a council fixing up a foot path. The engineers have left a slight gap in the concrete due to a fabrication method process. If you trip and hurt yourself it's your fault yeah?
Secondo, it's not Google's job to make my phone safe from thieves, it's mine. Why in hell would they make my life complicated because some idiot spends $2000 on a phone and forgets it in a taxi, I don't want to have to do all these things, I just want my phone to be able to be serviced easily, and especially if I'm in a critical area, my safety is more important than these people's concerns about thieves. And the cherry on the pie is that today with the cloud sync technology, who cares in the first place.
""Burner" accounts are a pathway to disaster." Mate, look up the word disaster's definition from the dictionary and see if it applied to a chum that has got his phone stolen and get back to me with that.
Kind regards
I normally don't dissect posts but...
vonz33 said:
Not Google's fault? Let's unpack this one... I am a council fixing up a foot path. The engineers have left a slight gap in the concrete due to a fabrication method process. If you trip and hurt yourself it's your fault yeah?
It's not Google's fault as you have alternative options you could take. For instance, a dedicated GPS receiver from Garmin or Tom Tom. I keep both a Garmin GPS and a street atlas in my car as a backup to my N6 and I live stateside. Should I encounter an issue, I have a means to get where I need to go. It's called "being prepared".
Your argument is a strawman argument, because Google's Android software is working as intended. Your argument might have more weight if there was a bug in the software that prevented you from using it. FRP is not a bug.
Secondo, it's not Google's job to make my phone safe from thieves, it's mine. Why in hell would they make my life complicated because some idiot spends $2000 on a phone and forgets it in a taxi, I don't want to have to do all these things, I just want my phone to be able to be serviced easily, and especially if I'm in a critical area, my safety is more important than these people's concerns about thieves. And the cherry on the pie is that today with the cloud sync technology, who cares in the first place.
Bit of a strawman here as well, as the issue isn't the person accidentally leaving his device in a taxi, but the person who gets their device stolen. Add to that the hyperbole of a $2,000 phone and you have a funny comment.
This is Google complying with California's kill switch law that went into effect two years ago. Since people travel in and out of California all the time and it's nearly impossible to target devices with "California-only" firmware Google implemented FRP worldwide. The entire idea of FRP is to make the phone impossible to use if it is stolen.
""Burner" accounts are a pathway to disaster." Mate, look up the word disaster's definition from the dictionary and see if it applied to a chum that has got his phone stolen and get back to me with that.
Kind regards.
The situation you describe is exactly why FRP was implemented on devices. Burner accounts will lead to disaster because it is inevitable that the owner will have to reset his device for whatever reason. When he does, he's screwed. I will clarify one thing here: when I refer to a "Burner" account I refer to an account with a random string of letters and numbers used for both email address and password with the express purpose of preventing Google from tying data collected from the device to the owner of that device. Ideally, if you really want to use a throwaway account, you at least make up an email address and password that are both easy to remember.
For the record, here's the definition of "disaster". Definition 3 applies to this conversation.
dis·as·ter (dəˈzastər)
noun
1. a sudden event, such as an accident or a natural catastrophe, that causes great damage or loss of life. "159 people died in the disaster"
synonyms: catastrophe, calamity, cataclysm, tragedy, act of God, holocaust; accident. "a subway disaster"
2. denoting a genre of films that use natural or accidental catastrophe as the mainspring of plot and setting.
modifier noun: disaster. "a disaster movie"
3. an event or fact that has unfortunate consequences. "a string of personal disasters"
synonyms: misfortune, mishap, misadventure, mischance, setback, reversal, stroke of bad luck, blow. "a string of personal disasters"
P.S. When quoting something written in quotes, double quotes are replaced with single quotes. Thus, in quoting me you want to say, "'Burner' accounts are a pathway to disaster."

Can Cellebrite hack Note 9 / S9

If you google for hacking the latest devices, you will find a large number of posts of advertisements for Cellebrite (a well-known security research organization) to provide physical extraction of iOS and Android devices, including the S9/S9+. You will also discover additional commentary on the latest pursuits in forensics, some claiming the ability to root Samsung devices without tripping the Samsung Knox fuse bit, or other claims with successful attacks against Samsung and its group of Knox enabled phones. Lots of discussion about loading alternative bootloaders, and even some claiming to get past the encryption. Perhaps someone can provide a simple response...
Is there a known attack to gain access to encrypted data on a Samsung S9, S9+, or Note 9 device? Particularly, can Knox containers be extracted/decrypted with forensics tools and/or physical access attacks?
I think this is particularly interesting since Apple has updated iOS 12 with something that makes it more difficult (I'll wait before saying impossible) for tools/labs used by law enforcement agencies to gain access to their devices... I've always held that the Samsung devices with all their government usage and certifications got a lot more attention with making sure this was not possible... And the record seems to indicate that...
Thanks for any response/contribution to the discussion.
Simple response: We don't know because if they do have a way to break the encryption, they wouldn't want Samsung or anyone else to be aware.
I suspect enabling the login before Android boots fully would help but my guess is that there is likely someone out there capable of breaking all of the encryption.

On my Note 9 being hacked & the validity of 'Ethical hackers'...

I was running a U1 XAA build of Android 10 2.0 with the June 1 Security patch that I'd downloaded and flashed from Sammobile.
A while ago I downloaded and flashed the U1 XAA 2.1 update from the same place and noticed that there are a number of apps I can no longer deny Wifi Control access to under the Apps Special access area:
DeviceTest
DeviceKeystring
FACM
Gear VR Service
Voice wake-up
being 5 out of the 12 I can't deny access to.
Also I am no longer able to disable Google Play Services, whereas before in 2.0 I could. I'm not even allowed to force-stop Play Services now! It's not just these two changes; there are other things I used to be able to disable but now can't. And I have *two* 'SmartThings' apps: one is version 10.0.37.0 and the other is version 1.7.50-21 (the -21 is just how it's listed).
I know this all sounds somewhat tame and trivial but I would like to know if this is all normal and can be confirmed by anyone else.
Anyone
-----------------
**Update**
Okay, just wanted to post some info on some sort of resolution to the above, mostly for those who make honest and earnest pleas for help and ask really pertinent questions but are ignored by the knowledgeable (or criminal) peruser.
In short, I was hacked. It doesn't come as a surprise (has happened *many* times with my N9. It *does* make me wonder about that supposed military-grade Knox security)
How do you know if you're hacked?? I just used the Running Services lister under Development Tools. Look for services that shouldn't be running as often as they do (last hack they had Samsung Push, which is for delivering notifications related to Samsung apps??, running something as a Service; not sure what it was, but as soon as I stopped it, it popped right back up) or things you never use or have deactivated showing up in the cache (ESPECIALLY Aircommand!! Disable this as a Trusted Agent immediately! And keep an eye on it, and always keep the Air Remote feature OFF).
Also, the Google Play Store app. When I flashed the July 2020 Security update I noticed the Play Store was still at the May 2020 version update. I didn't think much of it at the time, but after having to Factory Reset I noticed it now read July 1 2020. So I guess the 'worms' have the May version hacked. Sucks that villainy loves working for free breaking stuff, but in order to build something up and protect it, it takes toil and coercion.
Finally (not sure if this is actually a sign of malware or hacking, but the only reference I could find relating to it was from a guy who was truly beleaguered by hackers), there's a User Certificate under Biometrics & Security / Other Security settings / User Certificates that reads as 'FindMyMobile' and purports to being necessary for VPN security and other applications. Well, I had Find My Mobile deactivated and uninstalled via ADB and it still showed back up after being deleted numerous times, and my VPN seems to work without it. It might be for the Note 9's built-in Knox Android VPN strengthening parameters, but I couldn't find info online about it anywhere except in the case I mentioned, which seems very odd. Qualifying proof of its malicious intent for me?: After factory resetting it hasn't shown back up.
I don't think my N9 is cleaned, or I should say I'll never trust a smart phone fully again, not until the outdated and hacked 40-year-old SS7 protocol that runs all cellular communications is updated, not until something more reliably secure than 'somewhat' obfuscatingly complex baseband processors are present in phones and maybe something akin to a hardware firewall in the SoC that can interpret and filter non-carrier invalid commands (prob only need to update that damn SS7 protocol!). I'd also love it if Google/Alphabet would dump Android and start over with a new updated mobile OS with security at the forefront. (Think: updates delivered via 'Middleware', ROMs bought initially directly from the manufacturer that can be cryptographically flashed up to three times with signed updates, with each update burned and locked into the ROM via fuses. Each factory reset brings you back to your last update. The ROMs are only updatable if a hardware DIP switch is tripped, which moves actual physical leads in the SoC which powers the ability to flash this chip.) And maybe screw AOSP, I wonder if all this open sourceness has actually given the malware creators more knowledge to finesse the software and the hardware. The so-called white-hat 'Ethical Hackers' (LOL! HOW can breaking into someone's personal space without permission outside of national defense be considered ethical?!? All hackers are criminals. If you want to be considered a 'good' hacker (*snort*), bring to light the measly exploits and software, the slime who make and distribute the same, and tell how to protect against them and detect them and disable them. Criminals giving webinars and seminars about how to circumvent protections for devices that billions of people rely on for living should be outlawed FULL-STOP-PERIOD. I'd rather have one slime who knows how to get into a system than having that slime be allowed to freely distribute the software and knowledge so that millions of other definitely less conscionable scum can make use of his knowledge.) hackers only care about making their fame and fortune by bringing to light obscure and unknown exploits that no one has ever used or are likely to use than going after the exploits that *are* in use and *do* affect those in the here and now. It must give some sense of ease not to be in contention with real criminality and the fear of any reprisals from the 'less-ethically saturated' in the tech community.
Just wanted to get that out somewhere. I know it's pointless and no-one will listen. Look at what Edward Snowden sacrificed for people who were/are unworthy of *any* sacrifice by betraying everything bit by bit, battle by battle until it must one day be reclaimed (if it can be) via costly confrontation, disruption and perhaps irrevocable critical loss.
Okay, END RANT. Yeah, a slow day, corona cloud and all.
But seriously, the Feds need to check all this electronic criminality, it's gotten waaay out of hand. TO FEDS: Less hunting terrorists, MORE hunting electronic predators and anarchists!
Hi, @tamdwin,
Even though you believe your phone may have been hacked, DeviceKeystring, DeviceTest, EmergencyManagerService, FACM, IMS Service, IOTHiddenMenu, Samsung MirrorLink 1.1, Settings, Setup Wizard, Wi-Fi Direct & WlanTest are enabled on my Note9 with One UI 2.1, Security patch: 1 July 2020 (w/out Google Play Services/Google Play Store, Bixby, GearVR, DeX...only have Google Services Framework installed).
After downloading the 1 July 2020 Security update, I noticed that these services could no longer be turned off for wi-fi control.
Wish I never downloaded the update for the fancy camera features, lol.
Snowden? Have you read any of his articles on smartphone security? (you may want to throw your phone in a blender after reading...)
Some of the settings, such as disabling "Find My Mobile" from running in the background, reset/enable after you restart the phone.
Snowden? Have you read any of his articles on smartphone security? (you may want to throw your phone in a blender after reading...)
But will it blend!
https://www.youtube.com/watch?v=FN9mktgYZJ8
I am worried about these things, so I am looking at developing my own custom ROM.
Sorry for my English, I am Brazilian.
@P00r ROFL! The Samsung S4 Active shake looks delicious! Thank you for sharing the vid!
silvaBR said:
I am worried about these things, so I am looking at developing my own custom ROM.
That sounds like an excellent plan!
