• Off Topic
  • Risks associated with using an outdated phone

  • [deleted]

I'm curious what are the most likely attack channels to be opened up by using an outdated phone (Example: Pixel 4)

What I mean by this is, would it most likely be channels such as WIFI or Bluetooth hardware being exploited by someone in your physical vicinity? Or could it also open you up to attacks through your web browser or SMS even if you keep your browser and SMS application up to date etc?

Thanks

It could be literally any attack that has been discovered since the last update on the phone.

    • [deleted]

    roddyd Do there exist "remote" attacks that don't use vulnerabilities in an app you are using, such as a browser?

      Vulnerability management in the mobile space is interesting.
      You could spend hours every week, going through the latest CVEs for your device and apps.

      Basically, if your phone hasn't received a security update in 6 months, then check the CVE databases to see if there are any new vulnerabilities that was patched by a later release of Android than what you have. There are bound to be a few. Most are not exploited, although the risk remains.

      For apps, a bigger issue is the Android API levels. If your phone has stopped receiving updates for a while, the more secure APIs (we're at 33 now), cannot be used by up-to-date apps. Using newer APIs takes advantage of the latest security and privacy features.
      Even if your phone is up to date, running old apps that haven't been updated in years, could also reflect a similar vulnerability.

      [deleted] Yes. There has historically been attacks on Android phones using text messages or phone calls sent from a remote device with no input required from the victim.

      There is also attacks to the baseband directly. Just look at the security bulletins on AOSP