用Apple就俾個false sense of security俾自己,iOS無數exploits無俾人用嚟jailbreak就無人知無人理。
啲嘢全部都要proprietary結果連security enclave都俾人crack埋。所有關於security嘅嘢都應該要係open standard,圍內自己諗出嚟只會塞死個腦。
SAMSUNG 港行 會連大陸DNS? 114.114.114.114
上海仔
1001 回覆
43 Like
51 Dislike
第 1 頁第 2 頁第 3 頁第 4 頁第 5 頁第 6 頁第 7 頁第 8 頁第 9 頁第 10 頁第 11 頁第 12 頁第 13 頁第 14 頁第 15 頁第 16 頁第 17 頁第 18 頁第 19 頁第 20 頁第 21 頁第 22 頁第 23 頁第 24 頁第 25 頁第 26 頁第 27 頁第 28 頁第 29 頁第 30 頁第 31 頁第 32 頁第 33 頁第 34 頁第 35 頁第 36 頁第 37 頁第 38 頁第 39 頁第 40 頁第 41 頁
我唔識Android OS requirement,其實咁樣Google仲可唔可以certify Samsung嘅機畀GMS佢用?
There could at most be reasonably security assurance.
And you are right that 3rd party should be involved
https://developer.apple.com/programs/security-research-device/
Security Research Device (SRD)
And you are right that 3rd party should be involved
https://developer.apple.com/programs/security-research-device/
Security Research Device (SRD)
It features an iPhone dedicated exclusively to security research, with unique code execution and containment policies.
鄰國fatfat
呢個只係black box testing,幫你搵到問題出嚟但係damage is already done。
點解Apple T2俾人搵到exploit而TPM目前都只係得hardware attack?因為TPM個standard係由task group傾出嚟,然後大家跟住個standard去implement,而Apple自己啲chip自己圍內砌出嚟,無peer review。
你自己諗一個encryption algorithm出嚟,你一定會覺得佢係天衣無繨,你諗極都諗唔到點破解,但係你俾個algo人哋睇,人哋可能好容易就見到weaknesses,同一個道理。
點解Apple T2俾人搵到exploit而TPM目前都只係得hardware attack?因為TPM個standard係由task group傾出嚟,然後大家跟住個standard去implement,而Apple自己啲chip自己圍內砌出嚟,無peer review。
你自己諗一個encryption algorithm出嚟,你一定會覺得佢係天衣無繨,你諗極都諗唔到點破解,但係你俾個algo人哋睇,人哋可能好容易就見到weaknesses,同一個道理。
有冇用vpn
而家暫時嘅發現係咁記者麻煩跟進下:
1. Samsung機自Android 9/10之後隱藏114DNS做DNS3
2. 就算set咗其他DNS,甚至set咗Private DNS (密文DNS),電話都會用隱藏咗嘅114DNS,繞過所有DNS設定 (包括Private DNS同router DNS設定)定期用舊式明文DNS連114DNS
3. 每逢電話著mon就會每分鐘用114DNS明文查詢www.qq.com
4. 另外亦會以正常途經用Private DNS同router DNS設定(視何者適用)查詢m.hao123.com,taobao.com
5. 被強制用114DNS查詢www.qq.com頻率為著mon後一分鐘一次
6. 就算電話已連接VPN,都一樣繞過VPN流量定期用舊式明文DNS被強制連接114DNS查詢www.qq.com
7. 另外亦發現每連一次wifi,都會連接connectivity.samsung.com.cn
8. 韓水美水越南水貨都有類似發現
9. 承8,表面睇嚟而家全球行Android 9/10嘅Samsung機著mon後每分鐘都會被強制透過114DNS連接www.qq.com;另間中透過正常DNS機制連接m.hao123.com,taobao.com
10. 9呢種行為算唔算全球DDoS? 而用家又在不知情下被當攻擊者,算唔算已經成為殭屍網絡(botnet)嘅一部分?
11. Samsung電話用Android系統,在此情況下,Google仲會唔會certify Samsung嘅機畀GMS佢用?
大家諗到可以加落去........
1. Samsung機自Android 9/10之後隱藏114DNS做DNS3
2. 就算set咗其他DNS,甚至set咗Private DNS (密文DNS),電話都會用隱藏咗嘅114DNS,繞過所有DNS設定 (包括Private DNS同router DNS設定)定期用舊式明文DNS連114DNS
3. 每逢電話著mon就會每分鐘用114DNS明文查詢www.qq.com
4. 另外亦會以正常途經用Private DNS同router DNS設定(視何者適用)查詢m.hao123.com,taobao.com
5. 被強制用114DNS查詢www.qq.com頻率為著mon後一分鐘一次
6. 就算電話已連接VPN,都一樣繞過VPN流量定期用舊式明文DNS被強制連接114DNS查詢www.qq.com
7. 另外亦發現每連一次wifi,都會連接connectivity.samsung.com.cn
8. 韓水美水越南水貨都有類似發現
9. 承8,表面睇嚟而家全球行Android 9/10嘅Samsung機著mon後每分鐘都會被強制透過114DNS連接www.qq.com;另間中透過正常DNS機制連接m.hao123.com,taobao.com
10. 9呢種行為算唔算全球DDoS? 而用家又在不知情下被當攻擊者,算唔算已經成為殭屍網絡(botnet)嘅一部分?
11. Samsung電話用Android系統,在此情況下,Google仲會唔會certify Samsung嘅機畀GMS佢用?
大家諗到可以加落去........
有,連住wifi上VPN,呢啲係wifi router cap出嚟嘅log
T2 chip 因為同iPhone A10 share 好多hardware design 俾人用A10 嘅jailbreak knowledge + Apple 預留嘅DFU 造成咗漏洞
情況就如同你應該熟知嘅舊型號iPhone 有hardware 缺失可以整到永久jailbreak regardless of iOS version (但唔係完美tetherless jailbreak)
TPM 我冇留意出到幾多版同手機有冇用佢
我淨係知Google Titan M security chip 一樣比人攻破
Software wise Apple 係有參加好多標準聯盟 包括FinTech 嘅Apple Pay
Hardware security design 係咪應該要咁open 或者業界係咪已經有共識就值得探討
情況就如同你應該熟知嘅舊型號iPhone 有hardware 缺失可以整到永久jailbreak regardless of iOS version (但唔係完美tetherless jailbreak)
TPM 我冇留意出到幾多版同手機有冇用佢
我淨係知Google Titan M security chip 一樣比人攻破
Software wise Apple 係有參加好多標準聯盟 包括FinTech 嘅Apple Pay
Hardware security design 係咪應該要咁open 或者業界係咪已經有共識就值得探討
樓豬pin 呢個
okay
你準備用2,再置頂呢個留言都得喇
我唔識睇package佢有冇直情連埋去www.qq.com,但點解好揀唔揀要揀www.qq.com之餘仲要強制用114DNS同繞過埋VPN tunnel?
同埋都著咗mon有active usage啦,仲要一分鐘一次咁密?
同埋都著咗mon有active usage啦,仲要一分鐘一次咁密?
首先,我係覺得用越多standard component越好,我唔認為Google自己整一個crypto coprocessor出嚟會令佢部電話比其他電話更加安全。
雖然係咁,Titan M嘅vulnerability我只係搵到CVE-2019-9465,係用AES-GCM個陣可能會出現錯誤嘅ciphertext,並唔可以bypass secure boot / 做key extraction,希望你可以俾一俾Titan M chip被攻破嘅source。
Apple T2個case都好明顯見到,呢類coprocessor (Apple T2, Intel ME, AMD PSP etc.)既係black box,又比kernel有更高privilege,個implementation一有問題就等於整咗個永久blackdoor係部機到。佢哋嘅共通點係,間廠自己話加就加上去、唔係open standard、無人知入面發生緊咩事。
呢啲proprietary design搞到security review難做好多,導致呢啲system嘅security somewhat depends on obscurity,反而令其更加唔安全。
雖然係咁,Titan M嘅vulnerability我只係搵到CVE-2019-9465,係用AES-GCM個陣可能會出現錯誤嘅ciphertext,並唔可以bypass secure boot / 做key extraction,希望你可以俾一俾Titan M chip被攻破嘅source。
Apple T2個case都好明顯見到,呢類coprocessor (Apple T2, Intel ME, AMD PSP etc.)既係black box,又比kernel有更高privilege,個implementation一有問題就等於整咗個永久blackdoor係部機到。佢哋嘅共通點係,間廠自己話加就加上去、唔係open standard、無人知入面發生緊咩事。
呢啲proprietary design搞到security review難做好多,導致呢啲system嘅security somewhat depends on obscurity,反而令其更加唔安全。
想再補充下,就算真係要做probing嚟monitor connection正唔正常,無可厚非,連windows都有probing, 但人地會用自己domain name dns.msftncsi.com
但而家用埋啲咩www.qq.com,m.hao123.com,taobao.com古靈精怪...點解有Samsung自家domain name唔用,要被強制用114DNS之餘仲有冇需要1分鐘一次咁密?
但而家用埋啲咩www.qq.com,m.hao123.com,taobao.com古靈精怪...點解有Samsung自家domain name唔用,要被強制用114DNS之餘仲有冇需要1分鐘一次咁密?
見你有提AES-GCM,off topic一下
唔知你知唔知....
router OpenVPN Server set咗行AES256-GCM同SHA384,其實係咪都夠晒安全?
唔知你知唔知....
router OpenVPN Server set咗行AES256-GCM同SHA384,其實係咪都夠晒安全?
家下似係三星就咁用大陸Rom 反向開GMS 係香港賣。
首先想問Titan M 係咪你所指既open standard 產物?
你係提倡open hardware secutiy design 但衹係舉例2個都唔open 既B 過好A其實唔係論證
另外如果採用咗open standard 係咪可以後期修復漏洞?以T2 case 黎講冇得透過軟件修補 A10 jailbreak 漏洞因為佢儲存firmware 既storage 部份係"Read-Only Memory". 當然你可以話改做"erasable programmable read-only memory"有得升級firmware 但咁既設計就tradeoff 另一個入侵途經
至於Titan M 有冇你講得咁安全
參考下Cellebrite 既support list
https://www.cellebrite.com/en/ufed/
最後為咗T2 用家我set 咗strong password, 慢慢tethering 咁試我部MacBook root password 喇. 未至於世界末日中門大開既
你係提倡open hardware secutiy design 但衹係舉例2個都唔open 既B 過好A其實唔係論證
另外如果採用咗open standard 係咪可以後期修復漏洞?以T2 case 黎講冇得透過軟件修補 A10 jailbreak 漏洞因為佢儲存firmware 既storage 部份係"Read-Only Memory". 當然你可以話改做"erasable programmable read-only memory"有得升級firmware 但咁既設計就tradeoff 另一個入侵途經
至於Titan M 有冇你講得咁安全
參考下Cellebrite 既support list
CAS Currently Supports:
Apple iOS full file system extraction
iPhone 6S to iPhone X After-First-Unlock (AFU) extraction without needing to brute force passcode (must keep device alive after seizure!)
File-Based Encrypted (FBE) Android full file system extraction (Samsung / Huawei / Google Pixel / LG / Motorola, etc.)
• Samsung Galaxy S10, Note 10, and all A Series (2019) brute force passcode
• Huawei P30, P20, Mate 20 and many others (2017 and newer) brute force passcode
• Qualcomm and MediaTek based devices brute force passcode
• After-First-Unlock (AFU) extraction (must keep device alive seizure!), including Google Pixel 2/3/4
https://www.cellebrite.com/en/ufed/
最後為咗T2 用家我set 咗strong password, 慢慢tethering 咁試我部MacBook root password 喇. 未至於世界末日中門大開既
