Did you watch Apple's VP draw on his wrist during the Apple Watch announcement and wonder "why can't my Wear watch do that?" In typical XDA fashion, one enterprising forum member has brought similar functionality to Android Wear with a twist; it works on phones and watches alike, with other platforms on the way! The app is called Pinsy, and its release debut is a strong proof of concept with plenty of room to grow. You may remember the developer behind this project, XDA...
Samsung Backdoor May Not Be as Wide Open as Initially Thought
Earlier today, we talked about how the Replicant team found a potential backdoor in Samsung’s proprietary radio software. As demonstrated in a proof-of-concept attack, this allowed certain baseband code to gain access to a device’s storage under a specific set of circumstances. But upon closer inspection, this backdoor is most likely not as bad as it was initially made out to be.
A few hours after posting our previous article on the alleged backdoor, a highly respected security expert who wishes to remain anonymous approached us, stating that the way in which the proof-of-concept attack was framed by the Replicant team was a bit misleading. Essentially, it boils down to the POC requiring a modified firmware with with security features disabled. Thus, if a user is running an updated version of the official firmware, this attack will not work. To that end, the Replicant team even states in their write-up that SELinux would considerably restrict the potential files that the modem can access, such as those on the /sdcard partition.
Now, another highly trusted security researcher (XDA Recognized Developer djrbliss) has gone on record with Ars, stating that there’s “virtually no evidence” that this is indeed a true backdoor, although his reasons are a bit different. There is absolutely no indication at this time that the baseband file access can be controlled remotely. Rather, this is only a “possibility,” since the baseband software is proprietary. Instead, it’s far more likely that this was only ever intended to write radio diagnostic files to the /efs/root directory, as that is is the radio user’s home directory.
In summary, we shouldn’t rush to replace our Samsung phones just yet. There is absolutely no evidence to state that this can be controlled remotely. And even if it were possible, using SELinux, which is set to Enforcing in stock firmware, would restrict the radio user’s access.
Want something on the XDA Portal? Send us a tip!
Wear is said to not offer enough for mass adoption, even though its been in the market for over 9 months. I personally have a Gear Live which I purchased 8 months ago, and my experience with it has had its ups and downs throughout my time with it. For the longest time, I was not able to recommend the platform to anyone. Since then, a lot of updates have hit Wear watches, some improving battery life, others changing the...
SlimRoms' website has been experiencing technical difficulties for the last month or so, but it's good to know the team is working hard and is still on top of things. The SlimRoms GitHub repos are getting updated with some major changes showing up. Most notably, some projects are getting a new 5.1 branch: lp5.1! A new, revamped and open source website is also in the works, with a look inspired by material design. We also got a tip about an...