+- PINE64 (https://forum.pine64.org)
+-- Forum: PINE A64(+) (https://forum.pine64.org/forumdisplay.php?fid=4)
+--- Forum: Android on Pine A64(+) (https://forum.pine64.org/forumdisplay.php?fid=5)
+--- Thread: Security Issue Affected? (/showthread.php?tid=1018)
Security Issue Affected? - lovenemesis - 05-11-2016
Not a headline but still draws quite an attention on this perhaps intentional "backdoor" for rooting:
http://arstechnica.com/security/2016/05/chinese-arm-vendor-left-developer-backdoor-in-kernel-for-android-pi-devices/
From the reading of the article and comments, PINE64 seems to be also vulnerable to this issue.
I could verify it while getting back to home this weekend. But before that, Is it so?
RE: Security Issue Affected? - hazerty - 05-12-2016
you was faster than me to show the article
RE: Security Issue Affected? - tkaiser - 05-12-2016
(05-11-2016, 09:40 PM)lovenemesis Wrote: http://arstechnica.com/security/2016/05/chinese-arm-vendor-left-developer-backdoor-in-kernel-for-android-pi-devices/
If people would read thoroughly through the articles they link to threads like this could be avoided. The first link in your article explains it all. And before opening a new thread about a 'backdoor' it would be worth the efforts to enter the term 'backdoor' into the search field (that's in the upper right corner of this browser window). All questions already answered: http://forum.pine64.org/showthread.php?tid=1014
RE: Security Issue Affected? - Luke - 05-12-2016
Longsleep said that the backdoor wasn't found in his kernel - Think this should put everyone's minds at ease.
RE: Security Issue Affected? - tkaiser - 05-12-2016
(05-12-2016, 06:44 AM)Luke Wrote: Longsleep said that the backdoor wasn't found in his kernel
That's NOT a backdoor, that's just a piece of code for H3/A83T devices that has been made publicly available on Github (so everyone was able to audit the code) to help debug/root Android devices.
Why do people only read lurid headlines, then do NOT read through the article they link to just to spread FUD again and again?
Since the arstechnica article has been referred please read through this comment here and then stop calling this a backdoor and badmouthing Allwinner.
RE: Security Issue Affected? - lovenemesis - 05-12-2016
(05-12-2016, 07:17 AM)tkaiser Wrote:(05-12-2016, 06:44 AM)Luke Wrote: Longsleep said that the backdoor wasn't found in his kernel
That's NOT a backdoor, that's just a piece of code for H3/A83T devices that has been made publicly available on Github (so everyone was able to audit the code) to help debug/root Android devices.
Why do people only read lurid headlines, then do NOT read through the article they link to just to spread FUD again and again?
Since the arstechnica article has been referred please read through this comment here and then stop calling this a backdoor and badmouthing Allwinner.
I should use the Search in forum better.
Don't get me wrong. Comment you provided was read, which I agree that's too obvious to be a real backdoor. That's why I put double quotation marks around it in my original post.
The concern I had was some nasty apps might abuse PINE64 with it.
And when did I ever badmouthing Allwinner?
RE: Security Issue Affected? - rahlquist - 05-13-2016
(05-12-2016, 11:21 PM)lovenemesis Wrote:A backdoor implies it grants access to the device. This did not I believe. This was a privilege escalation. You had to be logged into the device or have code executing on it to even use this "backdoor".(05-12-2016, 07:17 AM)tkaiser Wrote:(05-12-2016, 06:44 AM)Luke Wrote: Longsleep said that the backdoor wasn't found in his kernel
That's NOT a backdoor, that's just a piece of code for H3/A83T devices that has been made publicly available on Github (so everyone was able to audit the code) to help debug/root Android devices.
Why do people only read lurid headlines, then do NOT read through the article they link to just to spread FUD again and again?
Since the arstechnica article has been referred please read through this comment here and then stop calling this a backdoor and badmouthing Allwinner.
I should use the Search in forum better.
Don't get me wrong. Comment you provided was read, which I agree that's too obvious to be a real backdoor. That's why I put double quotation marks around it in my original post.
The concern I had was some nasty apps might abuse PINE64 with it.
And when did I ever badmouthing Allwinner?
So its not entirely your fault the press doesn't understand the distinction.