Is it still safe to use as long as apps continue to be updated and is supported by the play store?

How long would you say someone could safely use an Android phone that no longer gets security updates for?

  • argv_minus_one@beehaw.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Plenty of RCEs are in privileged components, like the operating system or the baseband firmware.

    And yes, it is correct to assume that any attacker-controlled memory corruption is likely an RCE vulnerability.

    • henfredemars@lemdro.id
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      The baseband firmware is not so privileged anymore. Most new phones, like the Google Pixel 7, have IOMMU to force the baseband to communicate through a very restricted interface to the kernel. Certainly, you can interfere with texts and calls, but a baseband RCE doesn’t yet compromise the data stored on the phone by itself–not to diminish the seriousness or to suggest that we shouldn’t patch such an exploit immediately.

      RCE, the “remote” aspect, in the operating system? So directly in the kernel and accessible remotely, such as through the networking code? I’m curious now. Most of the ones I’ve seen are in some other component that is sandboxed. True system-level privilege RCEs seem to be relatively rare. Usually, you get RCE, then you need privilege escalation to do something especially interesting.

      Indeed; I’m sometimes able to leverage even a few bits of memory corruption into execution in many cases, though the hardened allocator in Android makes this a serious PITA to arrange to overwrite something useful.