Motorola DROID RAZR HD XT926 "Vanquish" Pre-Release Thread

**TC_Mits** · 07-27-2012, 06:36 PM

Originally Posted by jasaero

Well stuff like this has always existed really though. Pretty sure junk snail mail, to specific addresses, was getting sent to many or most households before we even had such a thing as computers. It might not have been as prevalent and you may have had a better idea how that particular firm obtained your address, but it was the same thing.

Shoot before that they didn't even bother with hunting down who you were, they just sat on a street corner and tried to sell you something when you passed by. They would often get money and not have to give up anything of value. Shoot I bet even in snake oil times the snake oil guy usually exploited local retailers to give himself more credibility when he passed through. There are just large penalties for ignorance in a truly free economy.

All very true. Those are the things you can see. It's the malware apps hidden on my PC and my cellphone stealing my hardware resources and battery reserves in order to record my private data and store it who knows where for I'll never know what purpose that irk me just a tad.

Carrier IQ was installed on millions of handsets and -- even after it was exposed -- nobody really noticed it doing its dirty work.

Perspective instantiates reality.
[From DX by HoFo app.]

**jroc74** · 07-28-2012, 06:06 PM

Yea the battery.....I still thought the Maxx was pretty thin. I thought the Bionic was pretty thin...maybe my Rezound is just so much heavier...lol I said this before....I dont think I will ever get a phone as thin as the RAZR again. Good for pockets....kinda awkward to hold.

That NFC hack.....without him doing it.....we wouldnt know how unsecure NFC can be. So I see folks like him a necessity. Means the manufactures, companies need to up their security game and we need to be more aware of what we have, how we use our phones. Is this the same hack that was done at the Black Hat conference? Thats an annual security conference......doing things like this is the goal, to show just how unsecure some things can be.

I remember one security conference that showed a guy getting his stolen Mac back:

http://www.youtube.com/watch?v=U4oB2...ayer_embedded#!

Nice story.....but it shows if someone knows what they are doing....anything is vulnerable. He made a good point too: if his PC was more secure.....he probably woulda never got it back.

**TC_Mits** · 07-28-2012, 06:22 PM

I agree. It's always a positive when these sorts of things surface because, for the most part, people are oblivious to what's going on inside their handsets.

Perspective instantiates reality.
[From DX by HoFo app.]

**Paulo1300** · 07-29-2012, 09:22 AM

Originally Posted by jasaero

I still maintain someone can steal your WHOLE wallet without your knowledge easier than even this. I get that they can do what you are claiming, but it's not a sure thing and still needs to be so close you would tend to notice some sorta odd behavior from an operative trying to conduct the operation. Also this tends to be a person by person and one by one assault when you have more multi-victim mass attack stuff like this that someone willing to put effort into high tech crime is probably going to MUCH more likely to focus on. Sure there will be things like that related to NFC eventually also. There is no such thing as 100% secure and NEVER will be. NFC is and always will be, no matter how exploitable, more secure than a checking account accepting paper check payments or a credit or debit card as there is no easily accessed and in plain sight number related info that can be exploited. Particularly today. If the only way you could access your money right now was through and NFC bump, it would be MUCH more secure than it is now, pure and simple. And that will remain true and become only more true as they patch exploits such as the ones you point out and add further security measures that could even include biometric means to enabling transaction on your account.

Right now NFC might be more secure, but that could be affected by the amount of people that use it. If the masses were using it, hackers would put more time into it. Right now its pointless for them to put in the time. I do not know one person who uses it for real.

**jasaero** · 07-29-2012, 11:10 AM

Originally Posted by Paulo1300

Right now NFC might be more secure, but that could be affected by the amount of people that use it. If the masses were using it, hackers would put more time into it. Right now its pointless for them to put in the time. I do not know one person who uses it for real.

Yes. It'll always be safer than your checks and credit cards though. It's just inherently that way as there is no immediately visible and obvious number tied directly to your account that can be obtained any number of ways along with all your identity information. And a smart techie has to steal your phone for it to be more vulnerable than your wallet if you locked it. If you didn't they still probably need to be pretty savvy if you had something like wallet itself locked. These inherently more secure aspects will always be true.

**TC_Mits** · 07-29-2012, 11:23 AM

The vulnerability of NFC remains to be seen. The vulnerability of Android itself is more evident, if seldom discussed:
http://www.huffingtonpost.com/2011/1...n_1099220.html

It's an old article, but -- let's have a show of hands -- who thinks the problem has pretty much been resolved in the last several months and shouldn't be much of a concern in the future?

Perspective instantiates reality.
[From DX by HoFo app.]

**rideflat** · 08-01-2012, 12:39 PM

Why is it so quiet here?

Sent from my DROID RAZR using HowardForums

**jasaero** · 08-01-2012, 01:23 PM

Lack of any new info mostly I think on the Quiet aspects.

On TC's malware link, I think that will always be an issue with a very open and popular OS ecosystem. Apple stuff is obviously less secure, but ends up probably less prone to attack even though more or less just as popular due to the very closed and controlled nature of the OS and ecosystem. For the longest time you could only use the Apple browser. On android there are various browsers and the standard one is fully open with hackers and malware intender's able to search the raw code and such. Same goes with apps the market is open to any dev good or bad(which is about to change) and not only that the dev API's and such aren't the only means to developing for Android as you have the raw code of the OS itself published and can wonder outside intended parameters of an API in efforts to exploit known things hard coded in the OS that might be totally unknown on iOS mostly because the code just isn't there to peruse looking for obvious holes. So one has to use brute force brainstorm approaches to find security holes rather than just fishing through the source which just isn't available. Think most Apple OS stuff is known to have lots of issues, but many of them are harder to exploit as it's not easy to get apple to let you run your code on their device in the first place, good or bad.

**ronaldheld** · 08-01-2012, 01:24 PM

Without being mean, there is no news or even new rumors, AFAIK. FWIW, the Note II should be announced by August 31th.

**TC_Mits** · 08-01-2012, 02:41 PM

True, malware is perennial. But what concerns me is that it is a significant issue that is almost entirely ignored. We need to acknowledge it and talk about it.

I'd like to see more tools for tracking and identifying intrusive code -- like an upload logger that traces any module uploading data and identifies it's invoking/ parent app. How about some kernels and ROMs for the paranoid set -- like compile all human interface drivers into the kernel, e.g. An install blocker that prevents all installs -- even from the app store -- without hand-keyed password authorization.

For all I know such things may already exist, but since malware just isn't talked about nobody knows about them.

We'll never eliminate malware, but if we had a vigilant Android culture that recognized and actively opposed such intrusions they could be controlled.

Perspective instantiates reality.
[From DX by HoFo app.]

**jasaero** · 08-01-2012, 04:05 PM

Well this is the international version. Guess the leaker wasn't allowed to leak the bezel significance below the onscreen buttons and reveal it didn't really have to use them ala Atrix HD.

http://www.droid-life.com/2012/08/01...ional-variant/

**kbman** · 08-01-2012, 04:13 PM

He is probably hiding the Motorola serial number of his Engineering test device.

**jasaero** · 08-01-2012, 04:19 PM

Originally Posted by kbman

He is probably hiding the Motorola serial number of his Engineering test device.

Seems that's a possibility based on some of the discussion. It seemingly hit initially showing that maybe and everyone covered for whomever got the leak out?? The XDA post has a pretty quick followup suggesting those were there initially.