• @[email protected]
    link
    fedilink
    English
    16 months ago

    It’s generally best to get a phone that receives software updates and security patches for more than 2-3 years.

    See first paragraph again, not everybody is as affluent as you’re, look at the problem from the other perspective

    Additionally, threats can come from various sources like:

    malicious apps,

    will take control of the phone from the inside out, nothing will withstand that

    texts,

    Pegasus will use 0day, nothing to do about that

    USB devices, or physical access,

    Once somebody have physical access because you’re some POI and not an average Joe, not much you can do

    Choosing a manufacturer that supports phones longer can help reduce these risks over the life of the device.

    See first paragraph, parenthesis content. Also phones are made with short lifespan on purpose, this gives steady inflow of money for the manufacturers, only few will give you what you want

    • @9tr6gyp3
      link
      English
      26 months ago

      See first paragraph again, not everybody is as affluent as you’re, look at the problem from the other perspective

      There is no blanket advice for which device to use. You will have to look it up yourself. But if you’re using a phone beyond its supported time, then you are vulnerable.

      will take control of the phone from the inside out, nothing will withstand that

      Nothing can withstand a 0-day attack, but it’s on your manufacturer to prevent a 1460-day attack.

      Pegasus will use 0day, nothing to do about that

      See above statement.

      Once somebody have physical access because you’re some POI and not an average Joe, not much you can do

      You can be a random person walking in a busy metro area and happen to get in range of someone who is scanning for a particular device to use a side-channel attack on. You don’t have to be a POI.

      See first paragraph, parenthesis content. Also phones are made with short lifespan on purpose, this gives steady inflow of money for the manufacturers, only few will give you what you want

      The manufacturers are still responsible for patching their devices. Once they stop doing that, you should know that device can’t be trusted with your privacy and security. This is the minimum baseline standard. If you are trying to extend the life of a device by yourself, and use it as a daily driver, you have decided that your data is free for anyone to have.

      • @[email protected]
        link
        fedilink
        English
        26 months ago

        You can be a random person walking in a busy metro area and happen to get in range of someone who is scanning for a particular device to use a side-channel attack on. You don’t have to be a POI.

        I guess if you’re broadcasting all the beacons your phone can be pawned even if you miss the last month OS update on your latest, greatest, shiny toy. This is just inevitable.

        • @9tr6gyp3
          link
          English
          06 months ago

          You can always go the iPhone route and have Apple support your device for over six years. And you don’t have to buy a phone for a very long time.