Hey guys!
It’s almost time again for the latest and greatest iterations of Pixel devices, where Google will show off their newest hardware and software upgrades to the masses.
The event will debut on October 4th at 10 AM EST (https://dateful.com/convert/est-edt-eastern-time?t=10am&d=2023-10-04), showcasing what’s to be the Pixel 8, Pixel 8 Pro, and likely the Pixel Watch 2.
Rumors indicate signs pointing to a new Tensor chip in the Pixel devices, temperature sensors, Magic Audio removal features for video clips, and even a Qualcomm-based chip in the Pixel Watch 2.
Feel free to watch the event and sign up to be notified when it’s live, at the following YouTube link: https://www.youtube.com/watch?v=pxlaUCJZ27E
See you all soon!
https://www.engadget.com/2011-01-29-android-2-3-security-bug-shows-microsd-access-vulnerability.html
https://www.techtimes.com/articles/233214/20180813/android-exploit-uses-sd-cards-heres-how-to-protect-yourself-against-man-in-the-disk-attacks.htm
It’s been well documented. They can also use them to place malicious files on and potentially gain access to the phone by having the Android phone read them and run malicious code.
So do you argue that all manufacturers should get rid of the usb port as well and switch to wireless charging because juicejacking is a thing?
That’s a really poor argument to make when the usb port is more prone to attacks (as it requires 0 app use on the user front) vs sd cards, which requires a user to hand over permissions.
If you yank out an SD card on it from a phone that was forgotten behind:
If you have a phone without an SD card they only have access to the USB port, which is locked with software and in some cases hardware. Removing the SD card slot is one less attack vector, it will make the device more secure one way or another.
Leaving your laptop around someone can also yank the SSD. Modern laptop operating systems generally have the option to encrypt their storage devices.
You can encrypt microSD cards but you must do file transfers through the phone itself through USB which I guess is no different than having an encrypted drive on a laptop. I haven’t looked into how modern SD encryption works on Android.
Arguing security flaws based on someone having physical acess to a device is on a completely different level of vulnerabilities.
Thats like treating vulnerabilities like Spectre/Meltdown/Downfall/Zenbleed on the same category as ones that require physical access to the machine, many which dont get names due to being severe is small because they are firmware patched quickly.
On the topic of SD card encryption, its not native to android, however many companies who offer sd card models(e.g Samsung) have encryption as a setting put in theirselves.
In computer security, you always have to consider both physical and digital security. They go hand in hand.
You can put as many passwords on a computer as you want but as soon as you have local access to a computer or storage device it’s game over.
Check out the 8 security domains in relation to computer security.
https://www.itgovernance.co.uk/blog/the-8-cissp-domains-explained#asset-security
You consider them, but they are never treated on the same level of threat.
Ironic that youd post something from the UK, given they just banned end to end encyption of messaging.
Taking someones phone to then put a file on it is not something I would call a security risk, let alone one that warrants removal of such a basic feature.
At that point, there are WAY more severe AND realistic attacks happening. Relevant XKCD this reminds me of.