LineageOS will only patch Android. It will not patch hardware vulnerabilities after the device no longer has support from the manufacturer.
Both of these OSes are dangerous for privacy and security.
What’s your suggestion for hardware patches after the manufacturer ends support?
There is no option. There is too much variation in the various phone chips for the hardware hacking community to reverse engineer more than a bare handful. And as soon as the hardware has been reverse engineered, it will never be used again by a manufacturer, making the exercise largely pointless.
Add to that the fact that Qualcomm actively discourages long-term support of their chips…
That’s why Fairphone chose a QCM6490 for the Fairphone 5. It’s far from being the best, but it has longer-term support than mainstream-oriented SoCs.
Since the SoC will probably be enough for most users, it’s not a bad option I guess.
Well then I really hope the Fairphone 5 is gonna get really long term support and start a new trend in that regard.
Just buying a new phone every 5 years isn’t sustainable!
They advertise support for between 8 and 10 years (at least 5 major versions of Android, and security patches after that). I don’t know their policy about the availability of repair parts, but if it’s for the same amount of time, I’ll be happy.
I changed the battery and the USB port of my OP7 last year… the OnePlus site didn’t sell them anymore, I had to go on AliExpress to get both… That’s quite frustrating for a device that is 5 years old…
8 to 10 years is good, but it should be just a start.
I’m still using my PlayStation 3 and a computer from 15 years ago (as a backup), and I think it should be the same with smartphones.
Exactly my point. Thank you.
Get a new phone the vendor does support.
Firmware patching is applying low-level firmware to the modem or baseband, similar to a BIOS update on a desktop or server. These binary libraries are (a) proprietary, and (b) opaque to the user (meaning they’re not documented like normal software).
Once a vendor drops support for a platform, that’s it, that’s the end of the line. The device will still work, but any glitches, firmware vulnerabilities, or updates for network-side changes will no longer be addressed.
This is just not realistic though, as the support is so short. You cannot buy phones every few years. The only thing you can realistically do is apply at least Lineage and exercise caution.
Denying reality isn’t realistic either.
Knowing your threat model and being aware of your tradeoffs and decisions is useful. Maybe security isn’t more important than longevity, but the phone owner should be making a deliberate choice.
With the new Pixels having 7 years of support, things are improving. It would be nice for them to open source the hardware specs at the end of the support window…
https://support.google.com/pixelphone/answer/4457705
Who’s going to be digging into the depths of a 5+ year old phone on the off chance they can find a baseband vulnerability though?
Even if they do find something, the number of people for them to exploit is probably going to be vanishingly small.
https://www.theverge.com/2021/5/18/22440813/android-devices-active-number-smartphones-google-2021
There are 3 billion Android devices. So basically everyone is incentivized to break in. Especially if the firmware is not updating, that means once you find an exploit it’s good forever.
Plus, and most people don’t realize this, the same chips are used in multiple different phones. So you just have to break the baseband once, and you get into multiple different phone models.
Although using an up-to-date Android userspace is still less bad than stopping all the updates once the vendor jumps ship.
It’s not going to stop a dedicated attacker, but having a somewhat secure webview that’s not going to crumble under the first piece of malicious JavaScript goes a long way towards peace of mind.
If a rootkit is hiding at the hardware level, it may not matter what operating system or web browser you’re using on your phone. A rootkit at this low level could potentially evade detection by the OS and modify files or memory without the operating system’s knowledge. It may also be able to disrupt secure boot processes and monitor radio transmissions like Bluetooth, WiFi, and NFC.
Once an exploit is found that works on a particular device model, and attackers know the device manufacturer will never release firmware updates again, they could start searching for any users of that phone model. A rootkit installed this way may remain on the phone permanently since firmware updates are no longer being provided. The phone user may be unaware their device has been compromised.
LineageOS does not employ a dedicated security engineer for each phone model. Maintainers with LineageOS typically take the latest firmware from the original device manufacturer and import it into their build process. But if the latest firmware release from the manufacturer is already three years old, it’s possible there may now be several undiscovered vulnerabilities in that outdated code.
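Added example, not part of the thread: one way to see the gap the comment above describes, by comparing the Android platform patch level with the vendor patch level in `adb shell getprop` output. The sample output, the baseband string and the 3-month threshold are constructed for illustration; the levels are what the build declares, not proof of what the baseband is actually running.

```python
import re
from datetime import date

# Constructed sample of `adb shell getprop` output for a hypothetical device.
SAMPLE_GETPROP = """\
[gsm.version.baseband]: [EXAMPLE-BASEBAND-1.0]
[ro.build.version.release]: [14]
[ro.build.version.security_patch]: [2024-05-05]
[ro.vendor.build.security_patch]: [2021-03-01]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def months_between(older, newer):
    return (newer.year - older.year) * 12 + (newer.month - older.month)

def patch_report(text, today, max_lag_months=3):
    """Flag stale patch levels and a vendor level that lags the OS level."""
    props = parse_getprop(text)
    report = {"baseband": props.get("gsm.version.baseband", "unknown")}
    findings = []
    for label, key in (("platform", "ro.build.version.security_patch"),
                       ("vendor", "ro.vendor.build.security_patch")):
        raw = props.get(key)
        try:
            level = date.fromisoformat(raw) if raw else None
        except ValueError:
            level = None
        report[label] = level
        if level is None:
            findings.append(f"{label} patch level missing or unparseable")
        elif months_between(level, today) > max_lag_months:
            age = months_between(level, today)
            findings.append(f"{label} patch level is {age} months old")
    if report["platform"] and report["vendor"]:
        gap = months_between(report["vendor"], report["platform"])
        report["vendor_gap_months"] = gap
        if gap > max_lag_months:
            findings.append(f"vendor firmware lags the OS by {gap} months")
    report["findings"] = findings
    return report
```

A recent platform level next to a years-old vendor level is the pattern to look for on a device running a community ROM after vendor support has ended.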
So for the average users that only want to go on with their lives and not buy brand new phones every 2-3 years (or don’t live in places where Fairphone and Pixel phones are available), what would be the solution?
If a person is not some POI, don’t you think it would be better to flash something that at least includes some relatively up-to-date security patches?
And how are those rootkits being loaded onto phones with outdated firmware? Bundled with the last OS that was flashed, or remotely by exploiting security flaws? Not a dev, but curious about it.
It’s generally best to get a phone that receives software updates and security patches for more than 2-3 years. This is because vulnerabilities can be discovered in older hardware that cannot be fully fixed with a software update alone. While updating the OS helps with security at that level, flaws in the underlying hardware may still exist. Additionally, threats can come from various sources like malicious apps, texts, USB devices, or physical access, not just online attacks. Choosing a manufacturer that supports phones longer can help reduce these risks over the life of the device.
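> It’s generally best to get a phone that receives software updates and security patches for more than 2-3 years.
See first paragraph again, not everybody is as affluent as you are, look at the problem from the other perspective.
> Additionally, threats can come from various sources like:
> malicious apps,
will take control of the phone from the inside out, nothing will withstand that
> texts,
Pegasus will use 0day, nothing to do about that
> USB devices, or physical access,
Once somebody has physical access because you’re some POI and not an average Joe, not much you can do
> Choosing a manufacturer that supports phones longer can help reduce these risks over the life of the device.
See first paragraph, parenthesis content. Also phones are made with a short lifespan on purpose, this gives a steady inflow of money for the manufacturers, only a few will give you what you want.
> See first paragraph again, not everybody is as affluent as you are, look at the problem from the other perspective.
There is no blanket advice for which device to use. You will have to look it up yourself. But if you’re using a phone beyond its supported time, then you are vulnerable.
> will take control of the phone from the inside out, nothing will withstand that
Nothing can withstand a 0-day attack, but it’s on your manufacturer to prevent a 1460-day attack.
> Pegasus will use 0day, nothing to do about that
See above statement.
> Once somebody has physical access because you’re some POI and not an average Joe, not much you can do
You can be a random person walking in a busy metro area and happen to get in range of someone who is scanning for a particular device to use a side-channel attack on. You don’t have to be a POI.
> See first paragraph, parenthesis content. Also phones are made with a short lifespan on purpose, this gives a steady inflow of money for the manufacturers, only a few will give you what you want.
The manufacturers are still responsible for patching their devices. Once they stop doing that, you should know that device can’t be trusted with your privacy and security. This is the minimum baseline standard. If you are trying to extend the life of a device by yourself, and use it as a daily driver, you have decided that your data is free for anyone to have.
> You can be a random person walking in a busy metro area and happen to get in range of someone who is scanning for a particular device to use a side-channel attack on. You don’t have to be a POI.
I guess if you’re broadcasting all the beacons your phone can be pwned even if you miss last month’s OS update on your latest, greatest, shiny toy. This is just inevitable.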
You can always go the iPhone route and have Apple support your device for over six years. And you don’t have to buy a phone for a very long time.
100% you are correct.
Shame on the down voters.
Running a phone without firmware and driver security patches is a huge risk that goes up geometrically the longer the phone is out of support.
LineageOS is great for making older devices useful, but they are not secure, and they shouldn’t be used for anything sensitive like money.
For the down voters. Imagine I have a time machine and bring a pre-contact Native American to the present day. I know this is dangerous, so I make them read every modern medical textbook first. Chances are they are going to catch a fun modern disease rapidly and die. Not because they didn’t have the knowledge, but because their immune system didn’t co-evolve with the threats. Being stuck out of time is an anachronism, but that’s exactly what we’re asking our cell phones to do. We prevent them from co-evolving with current threats, and then expect them to match all the threats in the future…