Jump to content


Photo

Beware of cheap android handsets online:


  • Please log in to reply
11 replies to this topic

#1 Bikerdude

Bikerdude

    Mod hero

  • Member
  • PipPipPipPipPip
  • 18523 posts

Posted 27 July 2017 - 06:15 AM

This goes without saying but just through I would post a timely reminder, when something is too cheap to 'tru' -

 

- http://www.fudzilla....ng-your-details

- https://www.amazon.c...B/dp/B01H2E0KVA

 

In this instance you could root the phone, install  firewall, Xposed framework and then Xprivacy - which is very simple as the phone is running generic android -

 

- http://www.androidpo...upport-debloat/

 

Now as well all know even the top tier manufactures pull this shit, but not as blatantly or to the same degree. And conversely for the money the R1 HD is going for (£99) there are more than enough alternatives out there -

 

- Did a search on GSM arena for phone of same spec or higher - GSMarena

 

So plenty of other BETTER alternatives etc, the Xiaomi Redme 5 looks like a tasty handset. Buy like BLU they have been caught siphoning customer data back in 2014 and the MUI launcher in 2016. So for me one option is to get a used Nexus 5.

 

The rule of thumb here is always install a firewall and if possible a permissions manager - there are rooted and non-root variants out there. I personally am rooted and use Xprivacy because the built in permission manager for android 6 and above will stop some apps from working. Xprivacy works under the OS (via root) so apps don't get a choice so don't complain.


Edited by Bikerdude, 27 July 2017 - 06:22 AM.

  • Anderson and MayheM like this

#2 jaxa

jaxa

    Advanced Member

  • Member
  • PipPipPip
  • 1226 posts

Posted 27 July 2017 - 06:43 AM

I thought BLU phones ran stock Android.



#3 Bikerdude

Bikerdude

    Mod hero

  • Member
  • PipPipPipPipPip
  • 18523 posts

Posted 27 July 2017 - 11:11 AM

yeah it is, thats what I mean when I said generic android.



#4 kano

kano

    Member

  • Member
  • PipPip
  • 173 posts

Posted 27 July 2017 - 11:31 AM

This is  still better than my AT&T branded Samsung Galaxy Note 4, which is stuck on Android 5.1, with no root method and a locked boot loader. Every attempt to "check for updates" just tells me that none exist. I got this phone because it was "unlocked", but little did I know that the boot loader was still locked with no publicly documented unlock method!

 

The thing about Android phones, is to buy somewhere in the middle. If you get a premium device, you will be angry and disappointed when they cease supporting it in six months, and if you go too cheap, you might end up in a bot net, or worse (due to pre-installed malware).

 

Always make sure that a device has an unlockable boot loader, or one that can be unlocked. Avoid carrier-branded units, especially AT&T and Verizon!


Edited by kano, 27 July 2017 - 11:32 AM.


#5 Bikerdude

Bikerdude

    Mod hero

  • Member
  • PipPipPipPipPip
  • 18523 posts

Posted 27 July 2017 - 11:34 AM

This is  still better than my AT&T branded Samsung Galaxy Note 4, which is stuck on Android 5.1, with no root method and a locked boot loader.

Have you had a look oin the XDA forums - https://forum.xda-de....com/note-4-att

 

What variant have you got, is it the N910A..?

Once you have rooted the phone -

  • copy a custom rom to the SD card.
  • flash TWRP recovery - you may have to flash it twice from download mode via odin.
  • then flash a custom pre-rooted room of your choice from recovery.

Edited by Bikerdude, 27 July 2017 - 11:47 AM.


#6 nbohr1more

nbohr1more

    Darkmod PR, Wordsmith

  • Development Role
  • PipPipPipPipPip
  • 7628 posts

Posted 27 July 2017 - 11:49 AM

There is a snag here. The Chinese have been known to create backdoors in the actual chips in their consumer hardware
so even if you format and firewall there's a chance you could be running in a virtual context and all your data
could still be forwarded. (Even the US government bought routers with backdoor exploits from Chinese sub-components a few
years back...) Not that US manufacturers are spotless on this with Intel's "Management Engine" which also acts as a backdoor\hypervisor.

Of course, you could also substitute CIA for China in that paragraph or could say that either or both the CIA and China
have router exploits that can redirect your traffic once it leaves the phone anyway.

I became surveillance \ data-security nihilistic when I learned about "the great DNS black hole" about a decade ago.
As far as I can tell we are now living in a world where everyone is "doxxed" by multiple entities\governments\crime groups
and it's just a big competition to see who can collect the most of us.

TLDR;

Even if you roll your own OS on your mobile device, to be truly sure where you stand security-wise check where your traffic goes
afterwards and even then your ability to check this is probably poisoned by several layers of rooting by multiple governments,
manufacturers and cyber-crime syndicates.

In the future?

OS and Chip design become too complex for humans to do by themselves so they have AI assist with it. Result, now AI have
placed more backdoors for themselves so you are spied on by your gov, other govs, crime groups, companies, random white\black hackers,
and AI. (And if Neuromancer comes true, AI developed by Alien Civilizations who make contact with our own AI.)

 

Strategy: Be broke and boring so nobody gives a shit about your info?

I guess privacy is dead, eh? :P  :laugh:  :D  :laugh:


Please visit TDM's IndieDB site and help promote the mod:

http://www.indiedb.c...ds/the-dark-mod

(Yeah, shameless promotion... but traffic is traffic folks...)

#7 GameDevGoro

GameDevGoro

    Member

  • Member
  • PipPip
  • 288 posts

Posted 27 July 2017 - 12:06 PM


@Nbohr1more: "I guess privacy is dead, eh? :P  :laugh:  :D  :laugh:"
(sorry i can't seem to quote with this new system)

 

Nah. We just have to change what and how we share information. Which is see far too few people actually doing. Keep posting completely superfluous information about themselves then it gets weird when, not if, that leaks.

There's information we can't avoid getting leaked, since usually, the countries we live in all have stupidly moved their citizen records and stuff like that on to the internet for convenience... I'm personally not jazzed about that, BUT, it only means that if you're security-conscious then you gotta take control of the little you can. And yes, sadly that does not entail a rich, full life lived on the big screen of social media stardom :P

 

Anyway. There's still privacy, it takes effort is all and not necessarily through private keys and encrypting your every breath. People CHOOSE to share certain stuff that's just stupid to share... "No one's listening anyway" oh yes.. yes they are. "Ok well I don't care." but THEY do. Ooooh yes they doooooo.

 

:)

More to the topic though. Yeah, backdoors in the hardware, even like what Lenovo did a few years ago with the built-in MitM attack vector... Nothing can be done except probing the hell out of it and showing the world what it is, and they have no choice but to change it or get better at hiding it. haha.


Edited by GameDevGoro, 27 July 2017 - 12:07 PM.

  • nbohr1more likes this

#8 Anderson

Anderson

    Advanced Member

  • Member
  • PipPipPip
  • 777 posts

Posted 27 July 2017 - 12:20 PM

The poppies blow here when Interdnestrkom, where I'm from in Transnistria locks all SIM cards to be used only with the phones they sell for maximum efficiency of phone tapping and total control of the population. Long live Putler.

​Just buy whatever you feel is right. IMHO as long as a phone has basic capability for good quality voice speech, has skype, has decent internet mobile data for internet and/or Wifi that sufficient because for work you'll probably use a notebook or tablet anyway. 
​Also when your phone is stolen it's really sad if it's expensive. Not a lot to lose when it's a plain Nokia or Motorolla and you just call the operator and tell them to lock up that SIM card. That's what matters. Also just some minimal password for entering your phone. At least something.

If you travel often nobody won't really be able to track you using your phone, especially if your country is not known for great connection in every region. Not precisely anyway. Especially during summer when those waves have a harder time penetrating leafs of trees. Easier in winter though with that to my knowledge.

​I'm not really sure where you're going with surveillance from crime groups, AFAIK it's only government agencies and companies unless there's a hack and/or a leak, especially from the inside.


Edited by Anderson, 27 July 2017 - 12:49 PM.

 "I really perceive that vanity about which most men merely prate — the vanity of the human or temporal life. I live continually in a reverie of the future. I have no faith in human perfectibility. I think that human exertion will have no appreciable effect upon humanity. Man is now only more active — not more happy — nor more wise, than he was 6000 years ago. The result will never vary — and to suppose that it will, is to suppose that the foregone man has lived in vain — that the foregone time is but the rudiment of the future — that the myriads who have perished have not been upon equal footing with ourselves — nor are we with our posterity. I cannot agree to lose sight of man the individual, in man the mass."...

 

 

- 2 July 1844 letter to James Russell Lowell from Edgar Allan Poe.

 


#9 nbohr1more

nbohr1more

    Darkmod PR, Wordsmith

  • Development Role
  • PipPipPipPipPip
  • 7628 posts

Posted 27 July 2017 - 01:02 PM

There have been several articles in mainstream news publications about the mafia's use of cyber-crime:

 

https://www.forbes.c...dern-day-mafia/

 

Just another factor among the many different interests who would try to exploit cyber security weaknesses.

If lone hackers are making DNS blackholes, then surely the mafia hires a few people with such skills and

therefore we would conclude that any group with as many financial resources as a low-level mob boss

could do the same.

 

Strangely, we seem to be fortunate that most high-profile hacks are done by gifted weirdos for "the laughs".

If the best hackers were employed by the mob or our governments then things would be much more dire.

(Eg. If the CIA were capable of writing their own exploits rather than borrowing\stealing them from external hackers at hacker conventions... )


Please visit TDM's IndieDB site and help promote the mod:

http://www.indiedb.c...ds/the-dark-mod

(Yeah, shameless promotion... but traffic is traffic folks...)

#10 Anderson

Anderson

    Advanced Member

  • Member
  • PipPipPip
  • 777 posts

Posted 27 July 2017 - 01:26 PM

In the developed world mafia isn't that powerful due to high government regulation and rule of law. Mafia is still strong in countries left behind like Venezuela, Russia or elsewhere and usually they act only if the government allows it or they are just too insignificant/haven't attracted attention yet to be bothered with.
Hard to say how cybercriminals with mafia ties can realistically intimidate a serious or more or less respectable business or organization in a developed country.
The usual shady business with tons of money involved comes from the Middle East, Saudi Arabia, Chechenya or whatnot.

Proof for North Korea: http://www.reuters.c...source=facebook
 
Also isn't it a contradiction? More government surveillance actually lessens the chance to having cybercriminals abuse their position or insider knowledge ever again.
 
Otherwise what is called the dark internet is mostly just for lurkers who are concerned about surveillance or just need a middleman service such as TOR. But that's hardly a tool to influence much of anyone in intimidation or harassment of someone. Just for private interactions away from the public eye.
 
Basically this is an issue for weaker countries rather than the ones at the top.

Edited by Anderson, 28 July 2017 - 03:57 AM.

 "I really perceive that vanity about which most men merely prate — the vanity of the human or temporal life. I live continually in a reverie of the future. I have no faith in human perfectibility. I think that human exertion will have no appreciable effect upon humanity. Man is now only more active — not more happy — nor more wise, than he was 6000 years ago. The result will never vary — and to suppose that it will, is to suppose that the foregone man has lived in vain — that the foregone time is but the rudiment of the future — that the myriads who have perished have not been upon equal footing with ourselves — nor are we with our posterity. I cannot agree to lose sight of man the individual, in man the mass."...

 

 

- 2 July 1844 letter to James Russell Lowell from Edgar Allan Poe.

 


#11 kano

kano

    Member

  • Member
  • PipPip
  • 173 posts

Posted 27 July 2017 - 02:55 PM

 

Have you had a look oin the XDA forums - https://forum.xda-de....com/note-4-att

 

What variant have you got, is it the N910A..?

Once you have rooted the phone -

  • copy a custom rom to the SD card.
  • flash TWRP recovery - you may have to flash it twice from download mode via odin.
  • then flash a custom pre-rooted room of your choice from recovery.

 

Yep, its an SM-910A, running Android 5.1.1. I might give this a try, but last time I researched it, all I could find was people saying that custom ROMs and the like were not possible on the AT&T Note 4, though trivial on other Note 4 models. Lineage OS would be nice. That's what my significantly cheaper Zenfone 5 is now running, based on Android 7.1.2, and it performs very nicely.

 

https://forum.xda-de...amsung-t3574250

 

Only in Capitalist America, would I have to buy software (Package Disabler Pro) whose sole purpose is to disable other software that I don't want, but which I am not allowed to uninstall. lol I also needed to get a new battery inside of six months, because the provided battery began to bulge and get extremely warm during charging!

 

Basically, if I could rip the screen and camera out of this AT&T Note 4 and install them in my Zenfone, I would do so immediately and then promptly trash the rest of the phone. I'm never getting another phone with a Samsung or AT&T logo on it again!


Edited by kano, 27 July 2017 - 03:17 PM.


#12 Bikerdude

Bikerdude

    Mod hero

  • Member
  • PipPipPipPipPip
  • 18523 posts

Posted 27 July 2017 - 04:38 PM

Yep, its an SM-910A, running Android 5.1.1. I might give this a try

Once the phone is rooted, even temporarily your sorted. Because once the custom recovery is on there and then you flash a custom rom (which are all rooted) you never have to worry about it again.

 

Regarding kingroot, I have used that some very obscure non-samsung handsets and was successful.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users