woow.. bener2 open semua data pribadi ke server dia ya parah banget ini... makin ga aman donk
apa emang semua smartphone ga aman?? *kan android bukan OS... tapi bahasa pemrograman* damn if this true.. ga aman.. all my private banking account On Wednesday, July 3, 2013 1:23:36 PM UTC+7, Yudhistira Dwi Putra wrote: > > ada yang udah pernah liat/baca artikel ini? > > http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html > > *Content preview :* > > In June of 2013, I made an interesting discovery about the Android phone > (a Motorola Droid X2) which I was using at the time: it was silently > sending a considerable amount of sensitive information to Motorola, and to > compound the problem, a great deal of it was over an unencrypted HTTP > channel. > > If you're in a hurry, you can skip straight to the Analysis - email, > ActiveSync, and social > networking<http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html#Analysis1> > section > - that's where the most sensitive information (e.g. email/social network > account passwords) is discussed. > > Update 2 (2013-07-02 @ 08:03) - potential device security concern > > I realized this morning that there may be a more significant problem. See > Potential > (untested) device security > concern<http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html#PotentialDeviceSecurityConcern>, > > below. > > Update 1 (2013-07-02 @ 05:30) - Android, the Droid X2, and Blur > > This article has gotten a lot more attention than I expected. > > A clarification I'd like to make (because there seems to be a lot of > confusion about this) is that *the Droid X2 does not use Motorola's > "Blur"/"MotoBlur" user interface*. That's one of the reasons I picked > that model specifically back in 2011 - it seemed to be running something > very close to the stock version of Android. > > The email client, web browser, text-messaging app, and so on look like the > ones that were included on the G1 I had previously, which is about as close > to "stock Android" as you can get with a carrier-installed OS. Based on my > research, it seems that they've all been modified to silently send data to > and/or through the Blur web-service back-end, but there's no indication to > the user that this is the case unless they do the sort of network capture > that I did. There is no prompt to create or use a Blur user ID - the phone > uses a randomly-generated Blur account for all of the behind-the-scenes > activity described below. > > I would be *very* interested in trying this same test with more recent > Motorola phones, because there's definitely the perception out there that > Blur has been phased out, and I think it's much more likely that it's just > the UI on their phones that's been changed, as opposed to removing the > underlying Blur functionality. > > If you're still unsure why I think this is a problem, ask yourself this: > if you bought a desktop PC running Windows, then discovered two years later > that the hardware manufacturer had installed modified versions of standard > Windows software like Outlook Express and Internet Explorer which - without > any indication to the user - sent your passwords to, and routed other > traffic through servers owned by the PC manufacturer instead of connecting > directly to the actual websites and mail servers, would you be OK with it? > If not, then why are you when it's a phone instead of a desktop > PC?................................. > > > Serius bikin penasaran klo bener iya apa ada hubungannya sama program us > yang ngemoniting semua traffic internet ato emang datanya cuma buat > motorola pribadi? yang bikin tambah penasaran jadi pengen ngecek apakah > touchwiz or sense ada beginiannya juga ato gak ;p. > -- ========== INDOSAT SUPER 3G plus http://www.indosat.com/Personal/Internet/INDOSAT_SUPER_3G_plus --------------------- ID-Android on YouTube https://www.youtube.com/watch?v=0u81L8Qpy5A -------------------- Web Hosting, Zimbra Mail Server, VPS gratis Raspberry Pi : http://www.hostune.com -------------------- Aturan Umum ID-Android: http://goo.gl/MpVq8 Join Forum ID-ANDROID: http://forum.android.or.id ========== --- Anda menerima pesan ini karena Anda berlangganan grup "[id-android] Indonesian Android Community " dari Grup Google. Untuk berhenti berlangganan dan berhenti menerima email dari grup ini, kirim email ke id-android+berhenti berlangga...@googlegroups.com .
