I’ve been saying that to some people around me who use old and outdated devices. They don’t care. I told them their phone is vulnerable with hundreds if not thousands of patches missing and they should replace it ASAP. They still don’t care because they don’t see the difference in their day to day.
I gave up.
But now that this thread is there, what are real life examples that could happen on a device with unpatched CVEs? Would those have to always be targeted? I.e., if you’re not targeted, you would be “safe”?
Yeah, I see it often too, but there is nothing really you can do about it, besides giving advice and calling them stupid.
If it is a person you care about, you can give them a new device at birthdays, Christmas, etc. If it is too expensive, try to get a few people to help buy it.
I personally have gifted my mom a newish iPhone and a Pixel tablet and installed GOS on it because she was using a very old tablet as a screen for her security cameras.
And I have given 2 brothers my old phones with GOS.
And installed Linux Mint on my grandmother's laptop a few years ago. Because she got hacked on Facebook 2 times and I got tired of helping her every few weeks because something on Windows broke or got slow or something else.
I pretty much just installed Mint, set it to update automatically and installed the Brave browser: a few years of peace. She is now using an iPad, thank God.
Okay okay, I understand there are many vulnerabilities in operating systems with stalled security updates, but what’s the probability these actually get targeted by viruses/hackers?
I know it largely depends on the user, but sometimes I see people with old devices who don’t seem to suffer any problems, not to mention the thousands of computers used in public administrations that daily use outdated software or operating systems.
You will not be targeted individually, but these kinds of things can be used in widely deployed spray-and-pray kinds of attacks, especially in a botnet propagation kind of situation. People will not use this “to get to you”, more like recruit your unpatched computer/phone/IoT device in a botnet situation.
Targeted attacks from state-sponsored actors, those likely use both published and unpublished exploits. The more important you are, likely the more unpublished exploits will be used against you.
You can always bring your phone @cotyt to something like DEFCON and maybe people will be willing to demonstrate to you how to remotely compromise your phone. This is assuming you still use this to browse random places on the internet, have your WiFi on all the time, or have your NFC on all the time.
You will eventually have some unpatched firmware level and system vulnerabilities because your Replicant maintainer cannot always backport fixes for everything.
Just replace routers with unpatched Android devices. Android TVs come to mind, as well as other Android OS controlled devices. There are a lot of them and they will no longer be patched.
It straight up hasn’t had any updates since 2022-01-20 and is still based on Android 6.0 (2015-09-29) with an (incomplete) 2019-04 ASB patch level and Linux 3.0.101 (2013-10-22) and Chromium 43.0.2357.134 (2015-07-14):
Funny enough, they made a recent blog post back in May announcing that they applied for additional funding to start development for the Pine Phone.
Replicant is interesting because they claim that they’re 100% FOSS and private/secure. We can account for the first claim but obviously it is incredibly difficult for the second claim to apply for 10+ year old devices.
They also can’t support most modern devices because they lack removable batteries… or an isolated modem. That caveat entirely removes the Fairphone from being a Replicant candidate.
I respect them for adhering to FOSS but literally no modern OEM can support their requirements besides Pine64.
Several binary firmwares (without source code) related to the back and home “touch” buttons were found
The touchscreen firmware for the Galaxy Note 8.0 was also lacking any corresponding source code
We also got a report on the mailing list that a nonfree ambient SDK was added in CyanogenMod and was not removed either by LineageOS 13 or Replicant 6.
While removing the firmware of the Galaxy Note 8.0 touchscreen driver, many more firmwares without corresponding source code were found in