[Replicant] Unpatched Samsung Chipset Vulnerabilities Open Android Users to RCE Attacks

John replicantor at riseup.net
Sun Mar 26 07:50:57 UTC 2023


On Fri, 24 Mar 2023 23:29:24 +0100 Denis 'GNUtoo' Carikli wrote:

> I'm not sure if Replicant devices are affected too,

Who/Where should we ask?

> though:
> - It's relatively easy to find vulnerabilities in Samsung modems more
>   recent than the ones supported by Replicant, so it would be
>   surprising if it wasn't easy to also find similar vulnerabilities in
>   the modems of Replicant compatible smartphones.

What is that easy way exactly? Is it documented anywhere? How can one
test one's device?
 
> - Replicant 6.0 probably has many unpatched vulnerabilities because
>   it's based on a LineageOS version that isn't maintained anymore.
>   Some are probably serious and easily exploitable (like the ones in
>   Webview, the browser component used in many Android applications).

Why isn't that important info on the first page of the website?

I have spent a lot of time finding and buying devices explicitly
supported by Replicant 6, assuming that being FOSS it would have more
eyes on it. Now it sounds like I invested explicitly in insecurity
which nobody is going to even look at. Quite disturbing.

