Peterborough Linux User Group (Canada) Forum

Linux & Android => Security and Privacy => Topic started by: ssfc72 on February 29, 2020, 04:06:14 AM

Title: Security researcher says to 'stop buying' Samsung phones
Post by: ssfc72 on February 29, 2020, 04:06:14 AM
https://www.tomsguide.com/uk/news/mobile-auth-app-hack-rsa20

https://www.pcmag.com/news/android-malware-can-steal-2fa-codes-from-google-authenticator-app

Some interesting info about security problems with Android and Apple cell phones.
Title: Re: Security researcher says to 'stop buying' Samsung phones
Post by: fox on February 29, 2020, 08:24:26 AM
I don't understand the specific reference to Samsung phones. According to this article (https://www.tomsguide.com/uk/us/android-patch-gap,news-26970.html), which was referenced by one of the references in Bill's post, Samsung was one of the better manufacturers in terms of their security patches.
Title: Re: Security researcher says to 'stop buying' Samsung phones
Post by: Jason on February 29, 2020, 10:14:56 AM
Quote from: fox on February 29, 2020, 08:24:26 AM
I don't understand the specific reference to Samsung phones. According to this article (https://www.tomsguide.com/uk/us/android-patch-gap,news-26970.html), which was referenced by one of the references in Bill's post, Samsung was one of the better manufacturers in terms of their security patches.

That article is from almost 2 years ago. It might have something to do with it. But like you, in the first article Bill referenced, I don't get the Samsung hate other than mentioning that they have faked updates. The same article said that others had, too. I might stay away from those phones simply because they're a bigger target (i.e. more people use them).
Title: Re: Security researcher says to 'stop buying' Samsung phones
Post by: Jason on February 29, 2020, 10:33:59 AM
I just checked using SnoopSnitch any my 3-year old Sony phone has has 91 patches and 4 that came out since the last claimed patch level (May 5, 2019). Unless I look up each CVE, I don't how critical those patches are; maybe later, I'll look them up.
Title: Re: Security researcher says to 'stop buying' Samsung phones
Post by: fox on February 29, 2020, 01:07:55 PM
I downloaded and ran SnoopSnitch as well on my Galaxy S9. Result: 52 patches, none missing. Last claimed patch level: Jan. 1, 2020. So much for trashing Samsung.  >:(
Title: Re: Security researcher says to 'stop buying' Samsung phones
Post by: Jason on February 29, 2020, 01:15:07 PM
New phone? Like relatively new - last six months new?

I don't think they're bothering to patch my phone anymore although your article mentioned that Sony was one of the companies (in 2018, anyway) that was good with patching. But my phone is three years old. I doubt many phones are patched after that amount of time. Even Google only promises two years of patching for their phones.
Title: Re: Security researcher says to 'stop buying' Samsung phones
Post by: Jason on February 29, 2020, 01:17:43 PM
I just re-read the article in the first link that ssfc mentioned and it refers to their slideshow (https://published-prd.lanyonevents.com/published/rsaus20/sessionsFiles/17914/2020_USA20_MBS1-W02_01_Mobile%20MFA%20Madness%20Mobile%20Device%20Hygiene%20and%20MFA%20Integrity%20Challenges.pdf). That's kind of cool. Maybe that will explain better why the one research doesn't recommend Samsung.
Title: Re: Security researcher says to 'stop buying' Samsung phones
Post by: fox on February 29, 2020, 01:25:11 PM
Quote from: Jason Wallwork on February 29, 2020, 01:15:07 PM
New phone? Like relatively new - last six months new?
....
New to me (I bought it secondhand a few months ago), but the Samsung Galaxy S9 came out in March 2018. So almost 2 years old.