EXCLUSIF : Votre téléphone OnePlus peut être téléchargement des données GPS sur dans…

EXCLUSIF : Votre téléphone OnePlus peut être téléchargement des données GPS sur dans…

EXCLUSIVE: Your OnePlus phone may be downloading some GPS data over insecure channels

Avant d’acheter un smartphone pliable, il faut toujours voir les différents modèles disponibles sur le marché. Lequel, permettra vraiment de regarder les jokes tous les jours de manière confortable ?

exclusif : OnePlus votre téléphone peut être téléchargement des données GPS via des canaux non sécurisés


View Reddit by flicter22

23 réflexions au sujet de “EXCLUSIF : Votre téléphone OnePlus peut être téléchargement des données GPS sur dans…”

  1. While it’s bad the scenario « *a network-level attacker from their secret hideout is doing a man-in-the-middle attack and modifying the position data to guide you to a completely different path »* is technically impossible. Phone only downloads GPS ephemeris and almanac data once in four hours. The data contains updated information about satellite orbits and status but no positional data is exchanged. The only thing an attacker can do is to shift your position relative to the true position **everywhere**. While it’s possible to move your destination to some other specific place **if the attacker knows your destination** it will screw up your positioning everywhere. You navigation will often show you off route and will keep recalculating. You will see your position on a wrong street.

    In addition your phone most likely downloads GPS ephemeris and almanac data either over cellular network or over your home internet connection which are not that easy to attack. If your home internet connection is under man-in-the-middle attack you have bigger problems than GPS.

  2. > Imagine a situation – you are using your phone’s GPS to navigate. Meanwhile a network-level attacker from their secret hideout is doing a man-in-the-middle attack and modifying the position data to guide you to a completely different path!

    That example would be totally impossible or would require an INSANELY powerful computer.

    It only uses the internet to get satellite position data, which the satellites also send out over the system occasionally. The timing data is still received directly from the satellites.

    So to be able to reliably spoof your gps into thinking it’s in a different place, you’d have to be able to, in real time, determine what position all the GPS satellites would need to be in so that the current timing information you receive from being where you are would match up to where they want to spoof you to be.

    Which would be insane.

    Ntm when those satellites send you, directly, the real position data, your device prioritizes it.

  3. Hi! Author here.

    u/flicter22

    Thanks for posting the article.

    u/softwaresaur

    I agree – the first example is kinda far-fetched, but I don’t want to throw truckload of technical jargons from the beginning.

    u/MZGSZM

    The glitch was originally spotted by me. As described in the article, I did a few tests, and then contacted with OnePlus with the results. After they acknowledged (standard disclosure policy), I wrote the article.

    u/real_sadboi

    I like to know why do you think the website as ‘sketchy’? Yes, it’s not eye-candy, but have you taken a look at the articles?

    u/Blades132 & u/lucifer663

    Thanks! We will come up with more investigative works – stay tuned!

    u/scienceguy131

    😁

    ​

    ​

    ​

    ​

    ​

  4. I wonder if Xiaomi ever really gets flak for security issues. I never really hear about Xiaomi having these kinds of problems.

    Kinda sucks that every « value » company is some sketchy Chinese company. I need a new mid-ranger and my only options are basically some imported Galaxy J/A-series phone (honesty my best option) or a crappy MVNO prepaid phone.

    If I don’t give a fuck about privacy and the CCP, then my options widen significantly to several dozen models of Motorola/Xiaomi/Huawei/Nokia (due to their recent data issue) phones.

  5. The only reason for buying a cheap phone is the hardware. Flashing lineageos or whatever is a must on brands like xiaomi and huwai (so much so that they locked the bootloader lol)

Les commentaires sont fermés.