Thanks a lot for all your responses. And btw is it so that all services/activities within the system partition only have a temporary privilege escalation to root? Or is there anything on the system partition like some daemons all the time running as root? And if not, is this done as a conscious security step?
@JBQ: Ok then is remount/mount command on system or data partition allowed from terminal for all users?? This way we just have to remount the partition to r-w and then execute or? I'm sure it isn't but just checking :) @Chris: So the ONLY way exploits gets into the Android is by means of Apps. Or to elaborate, even native exploits are hidden inside an apk and then distributed. What about manipulating some library and letting users use this .so? Is it even possible? And since any App calling this library would say, get root permission and do some damage?? I am only musing loudly as to what possibilities exist to attack android. @Kevin:Users must be given fine grained revokeable control of apps. What users care about and what needs securing is almost always under their default priviledges anyway. Good one :) On Tue, Aug 2, 2011 at 8:21 PM, Kevin Chadwick <[email protected]>wrote: On Tue, 2 Aug 2011 10:02:01 +0200 patrick Immling <[email protected]> wrote: > And the way to break down the Android is to rip through the security barrier > is to find a way to compromise it is through a privilege escalation. The main thing attackers need root for is to hide a backdoor or activity away and make sure your device stays under their control forever or maybe to upgrade your device to avoid the exploits providers subject you to. As demonstarted by Windows most attacks aren't that sophisticated. Users must be given fine grained revokeable control of apps. What users care about and what needs securing is almost always under their default priviledges anyway. On Tue, Aug 2, 2011 at 8:21 PM, Kevin Chadwick <[email protected]>wrote: > On Tue, 2 Aug 2011 10:02:01 +0200 > patrick Immling <[email protected]> wrote: > > > And the way to break down the Android is to rip through the security > barrier > > is to find a way to compromise it is through a privilege escalation. > > The main thing attackers need root for is to hide a backdoor or activity > away and make sure your device stays under their control forever or > maybe to upgrade your device to avoid the exploits providers subject > you to. As demonstarted by Windows most attacks aren't that > sophisticated. Users must be given fine grained revokeable control of > apps. What users care about and what needs securing is almost always > under their default priviledges anyway. > > -- > Kevin Chadwick <[email protected]> > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
