Yay! How do people make rookie mistakes like these? Always verify certificates, and, even better, hardcode the cert/CA fingerprint in your client (so it can't get replaced with a valid cert upstream).
The issue is not the lack of SSL but to not sign and verify the images. If they want to use mirrors to distribute the binaries it's a far better solution.
You still need to securely fetch the signatures somehow initially. Similarly, http://download.cyanogenmod.org/ provides md5 hashes for downloads but because it's not done over HTTPS you've got no guarantee that you're getting the right hash to verify the insecure download.
There are people in the world capable of spoofing SSL one way or another (forged certs, suborned CAs, etc.), though it certainly does raise the bar past the script kiddie level.
Yeah, and Linux is compromised if someone kidnaps Linus Torvalds family in exchange for creating a backdoor in the Linux kernel.
The security is created by humans to be used by humans; so nothing is truly safe if <insert random circumstance> happens; and anyway, for cases like yours the hack would be found after few days when any of the people in charge of the compiling realizes that the check-sum is spoofed and would advice anyone to update the OS after the issues is taken care of.
(Whoops, I fucked up a few http/https there. It should say that CM are only using HTTP, they aren't using ANY HTTPS at all. I had a misplaced sed there)
So much for a greater emphasis on security. How is this not one of the first things checked on? Providing encrypted messaging and permissions tuning on apps doesn't mean a whole lot if these sorts of bugs exist.
All I want is a fully open source phone from the radio firmware up. Android has been such a disappointment for me as a security conscious person, between googles questionable open source policies to the carrier hell it gets forced into and into the blackbox of radio protocols like GSM that far too often have DMA to the same segments of the CPU.
The whole point of FOSS is to be able to see what's going on, for freedom and control to the user. At this point I barely see Android as any better than IOS, aka, a very pretty jail for the user.
The lack of security advisories for even the major open-source Android distributions scares me: can anyone imagine if major Linux distributions provided no security advisories?
I run CyanogenMod Stable on my phone, the kernel build date is given as Sep 23 2013. Are they really meaning to imply that no security advisory published for Linux after that effects CyanogenMod? Most are purely local attacks, but still therefore malware vectors, and then there's things like CVE-2013-7027, which on the face of it should effect Android.
At the moment, I'm running CyanogenMod purely under the assumption it'll be more secure than the default Samsung installation (no updates in about two years), as at least it gets updates! Yet, at the end of the day, I see little to convince myself they are actually keeping up with upstream security fixes. No Android distribution seems to have a coherent story when it comes to security advisories, sadly. :( (I have a Galaxy S2, if anyone wants to convince me to try another distribution/OS!)
I am essentially in the same boat, running CyanogenMod stable as well, mostly to escape google. I am having many issues with it, and have been actively looking for a good alternative. There are a few open source phone projects ongoing, but non are in production yet so for the time being Replicant seems to be better than CyanogenMod to me, but it has limited hardware support at the moment. I do think your S2 is supported though, you might try it out.
There are lots of exploits, and every time someone publishes a rooting method that does not require "fastboot oem unlock" (gingerbreak, ashmem, mempodroid, exploid, etc) it's one of the CVEs being exploited.
Rrrright, so I will consider my GNU/Linux installation not any better than Windows or OsX, since my video driver, my wifi driver, my BIOS, my Ethernet controller firmware and my hard disk firmware are all closed source.
You are lacking perspective if you think that:
1) a completely open source phone is easy to make
2) iOS and Windows phone are on par with Android's level of openness
CM's commitment to bringing support to legacy devices is admirable, but they bundle some very annoying, redundant and as OP says unsecured applications with their ROM packages.
CM Account, CM Updater, Movie Studio, File Manager and CM Wallpaper are all apps that I uninstall as soon as I flash a ROM to one of my devices.
Their CM File Manager for one is a totally redundant application that hasn't been updated in a long time, despite being broken (it doesn't work in Super User mode without done juggling about)
Their CM Account is one other thing that I find totally pointless.
CM would be better off bringing more innovative features to Android instead of just copying drivers from CAF and changing headers to say CM instead of CAF or AOSP.
The innovation in the Android ROM community has been coming from Paranoid Android, AOKP, Omni and Slim ROMs, and from the Xposed community.
They've been reduced to being a repo shepherd for certain devices, but most of their user base comes from people running "Unofficial" builds compiled by independent developers.
I think, as a start up, they'd be better off if they focused on features instead of just trying to market CM Phones that essentially run a Nexus like build of plain vanilla Android.
... So what youre saying is that my galaxy nexus' inability to list cm11 "M" releases (and forcing me to download them manually when they come out) is actually a security feature?
24 comments
[ 3.7 ms ] story [ 67.2 ms ] thread(Example: https://www.google.com/search?q=b13afc01102c84425ca995469f1a...)
They need to sign their updates as well.
The security is created by humans to be used by humans; so nothing is truly safe if <insert random circumstance> happens; and anyway, for cases like yours the hack would be found after few days when any of the people in charge of the compiling realizes that the check-sum is spoofed and would advice anyone to update the OS after the issues is taken care of.
The whole point of FOSS is to be able to see what's going on, for freedom and control to the user. At this point I barely see Android as any better than IOS, aka, a very pretty jail for the user.
I run CyanogenMod Stable on my phone, the kernel build date is given as Sep 23 2013. Are they really meaning to imply that no security advisory published for Linux after that effects CyanogenMod? Most are purely local attacks, but still therefore malware vectors, and then there's things like CVE-2013-7027, which on the face of it should effect Android.
At the moment, I'm running CyanogenMod purely under the assumption it'll be more secure than the default Samsung installation (no updates in about two years), as at least it gets updates! Yet, at the end of the day, I see little to convince myself they are actually keeping up with upstream security fixes. No Android distribution seems to have a coherent story when it comes to security advisories, sadly. :( (I have a Galaxy S2, if anyone wants to convince me to try another distribution/OS!)
http://www.replicant.us/
And for anyone wondering about privacy/FOSS tools in general, the EFF put together Prism-Break site has been constantly updated.
https://prism-break.org/en/all/
There are lots of exploits, and every time someone publishes a rooting method that does not require "fastboot oem unlock" (gingerbreak, ashmem, mempodroid, exploid, etc) it's one of the CVEs being exploited.
You are lacking perspective if you think that: 1) a completely open source phone is easy to make 2) iOS and Windows phone are on par with Android's level of openness
Edit: people downvoting, state why please
CM Account, CM Updater, Movie Studio, File Manager and CM Wallpaper are all apps that I uninstall as soon as I flash a ROM to one of my devices.
Their CM File Manager for one is a totally redundant application that hasn't been updated in a long time, despite being broken (it doesn't work in Super User mode without done juggling about)
Their CM Account is one other thing that I find totally pointless.
CM would be better off bringing more innovative features to Android instead of just copying drivers from CAF and changing headers to say CM instead of CAF or AOSP.
The innovation in the Android ROM community has been coming from Paranoid Android, AOKP, Omni and Slim ROMs, and from the Xposed community.
They've been reduced to being a repo shepherd for certain devices, but most of their user base comes from people running "Unofficial" builds compiled by independent developers.
I think, as a start up, they'd be better off if they focused on features instead of just trying to market CM Phones that essentially run a Nexus like build of plain vanilla Android.
> Content Blocked (content_filter_denied) > Content Category: "Malicious Sources/Malnets"
Any idea why this site would be blocked at $BIGCORP?