The Hated One

Episode 059 - Security is a privacy prerequisite

Links

LINDDUN Disclosure of Information: https://www.linddun.org/disclosure-of-information

LINDDUN Threat Catalogue: https://www.linddun.org/linddun-threat-catalog

LINDDUN: https://www.linddun.org/

About LINDDUN: https://www.linddun.org/linddun

Download LINDDUN GO tutorial here: https://www.linddun.org/_files/ugd/cc602e_f98d9a92e4804e6a9631104c02261e1f.pdf

Download LINDDUN GO cards here: https://www.linddun.org/_files/ugd/cc602e_cf7e4c6b1d894bdaabc3094c48b26869.pdf

Comments

Bootloader doesn't just protect your phone against physical attacks. It also defends it against persistence, rollback attacks and unauthorized modifications to the system (by verifying and communicating the state of integrity). I was wrong in my wording that LineageOS has "no" access controls. It's more that there is nothing that would preserve them. Remotely executing malicious code and exfiltrating data from your LineageOS device is a lot easier and cheaper without the bootloader protections. LineageOS also has weaker MAC policies which exposes root processes to exploitation without the need for expensive unknown Android vulnerabilities. With the bootloader unlocked, you have no way of verifying whether the system is actually constraining the apps or not. I think you'd be better with DivestOS on your OnePlus so you might check if you can get a signed build for your model: https://divestos.org/index.php?page=devices&base=LineageOS

The Hated One

WTF, I did not know about that. I've never heard anyone talking about installing LineageOS saying that it completely destroys the sandbox. That's actually pretty creepy.

CopyCat

It wouldn't be possible without this many patreons. I don't need to cater to the YouTube algorithm. I can just focus on research for as long as necessary. Ping me in a DM about your threat model request.

The Hated One

The problem with unlocked bootloaders is that every app has full access to all of your phone data. There are no access controls anymore and escaping the sandbox is not required to hack you. That's why it becomes a significant privacy threat.

The Hated One

I mostly agree with you that we shouldn't sacrifice security for privacy. Of course the ideal solution would be to have both. But there are situations where, at least for me personally, I'd rather have a little less security than my privacy being invaded by Big Tech. As my daily driver, I use a Pixel 6 running GrapheneOS. But I have a secondary OnePlus phone which is running LineageOS, and I'd much rather run LineageOS than OxygenOS, which not only has Google Play services, but also Chinese spyware preinstalled. In this specific case, running the default is the worse option in my opinion, because your data will end up on some servers anyways. In the case of LineageOS my data will be only in my hands, except if someone hacks it, but the likelihood of that happening is very low. I only install apps from F-Droid on it and don't browse the web. The only drawback I see is that the bootloader is unlocked. But since I never take my secondary phone outside, I don't fear it getting stolen and then having my PIN brute forced.

CopyCat

I am just impressed with how deep you are going to research for these videos. It is so satisfying to see you constantly evolve and improve. Regarding your idea of threat modeling someone as an example for a video: I'd be happy if you could threat model my situation. Just tell me what you need to know.

CopyCat

I didn't realize LINDDUN had all these resources, so this is really fantastic!! Great episode and keep up the great work.

Jose Vanduka
