[Replicant] Unpatched Samsung Chipset Vulnerabilities Open Android Users to RCE Attacks
John
replicantor at riseup.net
Sun Mar 26 07:50:57 UTC 2023
On Fri, 24 Mar 2023 23:29:24 +0100 Denis 'GNUtoo' Carikli wrote:
> I'm not sure if Replicant devices are affected too,
Who/Where should we ask?
> though:
> - It's relatively easy to find vulnerabilities in Samsung modems more
> recent than the ones supported by Replicant, so it would be
> surprising if it wasn't easy to also find similar vulnerabilities in
> the modems of Replicant compatible smartphones.
What is that easy way exactly? Is it documented anywhere? How can one
tests one's device?
> - Replicant 6.0 probably has many unpatched vulnerabilities because
> it's based on a LineageOS version that isn't maintained anymore.
> Some are probably serious and easily exploitable (like the ones in
> Webview, the browser component used in many Android applications).
Why isn't that important info on the first page of the website?
I have spent a lot of time finding and buying devices explicitly
supported by Replicant 6, assuming that being FOSS it would have more
eyes on it. Now it sounds like I invested explicitly in insecurity
which nobody is going to even look at. Quite disturbing.
More information about the Replicant
mailing list