Jump to content

Beware of cheap android handsets online:


Bikerdude
 Share

Recommended Posts

This goes without saying but just through I would post a timely reminder, when something is too cheap to 'tru' -

 

- http://www.fudzilla.com/news/mobile/44171-blu-r1-hd-phones-are-still-selling-your-details

- https://www.amazon.com/BLU-R1-Cell-Phone-16GB/dp/B01H2E0KVA

 

In this instance you could root the phone, install firewall, Xposed framework and then Xprivacy - which is very simple as the phone is running generic android -

 

- http://www.androidpolice.com/2016/07/27/amazons-blu-r1-hd-gets-rooted-bootloader-unlocked-twrp-support-debloat/

 

Now as well all know even the top tier manufactures pull this shit, but not as blatantly or to the same degree. And conversely for the money the R1 HD is going for (£99) there are more than enough alternatives out there -

 

- Did a search on GSM arena for phone of same spec or higher - GSMarena

 

So plenty of other BETTER alternatives etc, the Xiaomi Redme 5 looks like a tasty handset. Buy like BLU they have been caught siphoning customer data back in 2014 and the MUI launcher in 2016. So for me one option is to get a used Nexus 5.

 

The rule of thumb here is always install a firewall and if possible a permissions manager - there are rooted and non-root variants out there. I personally am rooted and use Xprivacy because the built in permission manager for android 6 and above will stop some apps from working. Xprivacy works under the OS (via root) so apps don't get a choice so don't complain.

Edited by Bikerdude
  • Like 2
Link to comment
Share on other sites

This is still better than my AT&T branded Samsung Galaxy Note 4, which is stuck on Android 5.1, with no root method and a locked boot loader. Every attempt to "check for updates" just tells me that none exist. I got this phone because it was "unlocked", but little did I know that the boot loader was still locked with no publicly documented unlock method!

 

The thing about Android phones, is to buy somewhere in the middle. If you get a premium device, you will be angry and disappointed when they cease supporting it in six months, and if you go too cheap, you might end up in a bot net, or worse (due to pre-installed malware).

 

Always make sure that a device has an unlockable boot loader, or one that can be unlocked. Avoid carrier-branded units, especially AT&T and Verizon!

Edited by kano
Link to comment
Share on other sites

This is still better than my AT&T branded Samsung Galaxy Note 4, which is stuck on Android 5.1, with no root method and a locked boot loader.

Have you had a look oin the XDA forums - https://forum.xda-developers.com/note-4-att

 

What variant have you got, is it the N910A..?

Once you have rooted the phone -

  • copy a custom rom to the SD card.
  • flash TWRP recovery - you may have to flash it twice from download mode via odin.
  • then flash a custom pre-rooted room of your choice from recovery.
Edited by Bikerdude
Link to comment
Share on other sites

There is a snag here. The Chinese have been known to create backdoors in the actual chips in their consumer hardware
so even if you format and firewall there's a chance you could be running in a virtual context and all your data
could still be forwarded. (Even the US government bought routers with backdoor exploits from Chinese sub-components a few
years back...) Not that US manufacturers are spotless on this with Intel's "Management Engine" which also acts as a backdoor\hypervisor.

Of course, you could also substitute CIA for China in that paragraph or could say that either or both the CIA and China
have router exploits that can redirect your traffic once it leaves the phone anyway.

I became surveillance \ data-security nihilistic when I learned about "the great DNS black hole" about a decade ago.
As far as I can tell we are now living in a world where everyone is "doxxed" by multiple entities\governments\crime groups
and it's just a big competition to see who can collect the most of us.

TLDR;

Even if you roll your own OS on your mobile device, to be truly sure where you stand security-wise check where your traffic goes
afterwards and even then your ability to check this is probably poisoned by several layers of rooting by multiple governments,
manufacturers and cyber-crime syndicates.

In the future?

OS and Chip design become too complex for humans to do by themselves so they have AI assist with it. Result, now AI have
placed more backdoors for themselves so you are spied on by your gov, other govs, crime groups, companies, random white\black hackers,
and AI. (And if Neuromancer comes true, AI developed by Alien Civilizations who make contact with our own AI.)

 

Strategy: Be broke and boring so nobody gives a shit about your info?

I guess privacy is dead, eh? :P:laugh::D:laugh:

Please visit TDM's IndieDB site and help promote the mod:

 

http://www.indiedb.com/mods/the-dark-mod

 

(Yeah, shameless promotion... but traffic is traffic folks...)

Link to comment
Share on other sites

 

@Nbohr1more: "I guess privacy is dead, eh? :P:laugh::D :laugh:"

(sorry i can't seem to quote with this new system)

 

Nah. We just have to change what and how we share information. Which is see far too few people actually doing. Keep posting completely superfluous information about themselves then it gets weird when, not if, that leaks.

 

There's information we can't avoid getting leaked, since usually, the countries we live in all have stupidly moved their citizen records and stuff like that on to the internet for convenience... I'm personally not jazzed about that, BUT, it only means that if you're security-conscious then you gotta take control of the little you can. And yes, sadly that does not entail a rich, full life lived on the big screen of social media stardom :P

 

Anyway. There's still privacy, it takes effort is all and not necessarily through private keys and encrypting your every breath. People CHOOSE to share certain stuff that's just stupid to share... "No one's listening anyway" oh yes.. yes they are. "Ok well I don't care." but THEY do. Ooooh yes they doooooo.

 

:)

 

More to the topic though. Yeah, backdoors in the hardware, even like what Lenovo did a few years ago with the built-in MitM attack vector... Nothing can be done except probing the hell out of it and showing the world what it is, and they have no choice but to change it or get better at hiding it. haha.

Edited by GameDevGoro
  • Like 1
Link to comment
Share on other sites

The poppies blow here when Interdnestrkom, where I'm from in Transnistria locks all SIM cards to be used only with the phones they sell for maximum efficiency of phone tapping and total control of the population. Long live Putler.

​Just buy whatever you feel is right. IMHO as long as a phone has basic capability for good quality voice speech, has skype, has decent internet mobile data for internet and/or Wifi that sufficient because for work you'll probably use a notebook or tablet anyway.
​Also when your phone is stolen it's really sad if it's expensive. Not a lot to lose when it's a plain Nokia or Motorolla and you just call the operator and tell them to lock up that SIM card. That's what matters. Also just some minimal password for entering your phone. At least something.

If you travel often nobody won't really be able to track you using your phone, especially if your country is not known for great connection in every region. Not precisely anyway. Especially during summer when those waves have a harder time penetrating leafs of trees. Easier in winter though with that to my knowledge.

​I'm not really sure where you're going with surveillance from crime groups, AFAIK it's only government agencies and companies unless there's a hack and/or a leak, especially from the inside.

Edited by Anderson

"I really perceive that vanity about which most men merely prate — the vanity of the human or temporal life. I live continually in a reverie of the future. I have no faith in human perfectibility. I think that human exertion will have no appreciable effect upon humanity. Man is now only more active — not more happy — nor more wise, than he was 6000 years ago. The result will never vary — and to suppose that it will, is to suppose that the foregone man has lived in vain — that the foregone time is but the rudiment of the future — that the myriads who have perished have not been upon equal footing with ourselves — nor are we with our posterity. I cannot agree to lose sight of man the individual, in man the mass."...

- 2 July 1844 letter to James Russell Lowell from Edgar Allan Poe.

badge?user=andarson

Link to comment
Share on other sites

There have been several articles in mainstream news publications about the mafia's use of cyber-crime:

 

https://www.forbes.com/sites/tonybradley/2015/10/16/cybercrime-is-the-modern-day-mafia/

 

Just another factor among the many different interests who would try to exploit cyber security weaknesses.

If lone hackers are making DNS blackholes, then surely the mafia hires a few people with such skills and

therefore we would conclude that any group with as many financial resources as a low-level mob boss

could do the same.

 

Strangely, we seem to be fortunate that most high-profile hacks are done by gifted weirdos for "the laughs".

If the best hackers were employed by the mob or our governments then things would be much more dire.

(Eg. If the CIA were capable of writing their own exploits rather than borrowing\stealing them from external hackers at hacker conventions... )

Please visit TDM's IndieDB site and help promote the mod:

 

http://www.indiedb.com/mods/the-dark-mod

 

(Yeah, shameless promotion... but traffic is traffic folks...)

Link to comment
Share on other sites

In the developed world mafia isn't that powerful due to high government regulation and rule of law. Mafia is still strong in countries left behind like Venezuela, Russia or elsewhere and usually they act only if the government allows it or they are just too insignificant/haven't attracted attention yet to be bothered with.
Hard to say how cybercriminals with mafia ties can realistically intimidate a serious or more or less respectable business or organization in a developed country.
The usual shady business with tons of money involved comes from the Middle East, Saudi Arabia, Chechenya or whatnot.

Proof for North Korea: http://www.reuters.com/article/us-northkorea-cybercrime-idUSKBN1AD0BO?utm_campaign=trueAnthem%3A+Trending+Content&utm_content=597adb1604d30123a8932257&utm_medium=trueAnthem&utm_source=facebook
 
Also isn't it a contradiction? More government surveillance actually lessens the chance to having cybercriminals abuse their position or insider knowledge ever again.
 
Otherwise what is called the dark internet is mostly just for lurkers who are concerned about surveillance or just need a middleman service such as TOR. But that's hardly a tool to influence much of anyone in intimidation or harassment of someone. Just for private interactions away from the public eye.
 
Basically this is an issue for weaker countries rather than the ones at the top. Edited by Anderson

"I really perceive that vanity about which most men merely prate — the vanity of the human or temporal life. I live continually in a reverie of the future. I have no faith in human perfectibility. I think that human exertion will have no appreciable effect upon humanity. Man is now only more active — not more happy — nor more wise, than he was 6000 years ago. The result will never vary — and to suppose that it will, is to suppose that the foregone man has lived in vain — that the foregone time is but the rudiment of the future — that the myriads who have perished have not been upon equal footing with ourselves — nor are we with our posterity. I cannot agree to lose sight of man the individual, in man the mass."...

- 2 July 1844 letter to James Russell Lowell from Edgar Allan Poe.

badge?user=andarson

Link to comment
Share on other sites

 

Have you had a look oin the XDA forums - https://forum.xda-developers.com/note-4-att

 

What variant have you got, is it the N910A..?

Once you have rooted the phone -

  • copy a custom rom to the SD card.
  • flash TWRP recovery - you may have to flash it twice from download mode via odin.
  • then flash a custom pre-rooted room of your choice from recovery.

 

Yep, its an SM-910A, running Android 5.1.1. I might give this a try, but last time I researched it, all I could find was people saying that custom ROMs and the like were not possible on the AT&T Note 4, though trivial on other Note 4 models. Lineage OS would be nice. That's what my significantly cheaper Zenfone 5 is now running, based on Android 7.1.2, and it performs very nicely.

 

https://forum.xda-developers.com/note-4-att/help/how-to-delete-att-bloatware-samsung-t3574250

 

Only in Capitalist America, would I have to buy software (Package Disabler Pro) whose sole purpose is to disable other software that I don't want, but which I am not allowed to uninstall. lol I also needed to get a new battery inside of six months, because the provided battery began to bulge and get extremely warm during charging!

 

Basically, if I could rip the screen and camera out of this AT&T Note 4 and install them in my Zenfone, I would do so immediately and then promptly trash the rest of the phone. I'm never getting another phone with a Samsung or AT&T logo on it again!

Edited by kano
Link to comment
Share on other sites

Yep, its an SM-910A, running Android 5.1.1. I might give this a try

Once the phone is rooted, even temporarily your sorted. Because once the custom recovery is on there and then you flash a custom rom (which are all rooted) you never have to worry about it again.

 

Regarding kingroot, I have used that some very obscure non-samsung handsets and was successful.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recent Status Updates

    • peter_spy

      It's funny how perception changes over the years. I've been replaying Bioshock in its Remastered version, and I'm surprised how bad the level design actually is. It's just a series of abstract corridor mazes that you can't really map out in your head. There's nothing that would ground them in any kind of reality, fictional or otherwise, no sense of place people could live in. It's almost like Wolfenstein 3d with cool art deco assets.
      · 4 replies
    • STiFU

      Anyone here played Inscryption? At first, I was like "no, I am not going to play a stupid card game", but this game is so much more than that. It is so meta, full of 4th wall breaks, and feels so damn spooky and weird because of it. Absolutely recommended, if you can stand the visuals. I recommend not reading up too much on it, as that could easily spoil half the incredible surprises. Just know that what you see in the beginning is by far not everything.
      · 4 replies
    • freyk

      Tried to make a tdm advertisement commentpost at one of civvie11 youtube videos about T2. Post got marked as spam. His problem (to not discover TDM for himself),..not my problem.
      But some help of some fellow TDM yt-videocomment posters would be nice. To ask him and others, to play TDM. To get more players/creators. 
      · 5 replies
    • datiswous

      Currently Profile Information has 3 fields, these are shown in forum posts under your avatar:
      1. Gender
      2. Location
      3. Interests
      I think that it could be useful to have an extra field called "Operating system" (under location). It can be useful for tech support and to see what people use.
      Alternatively it could be a more general term, like PC system, so that you can for example state that you use an AMD gpu.
      · 2 replies
    • OrbWeaver

      Greetings fellow kids.
      · 11 replies
×
×
  • Create New...