hardballs

  • Joined Jul 15, 2024
  • GrapheneOS You're right of course. Nevertheless, those old devices provided me with a last line of defense.

  • other8026 Thank you for mentioning the Info app. It looks like it shows the release notes of installed updates. I will trust that the updates are hard to tamper with. (The web installer was impressive..)

    • hardballs Auditor says pinned OS patch level is 2024-07, vendor and boot patch level is 2024-07-05. Possible to get more info on the individual updates?

      • fid02 Many thanks for the info. Well then.. I'm ready to go on and see it as an error during "app optimisation", switching system language for the profile and switching profiles simultaneously. Now I need to look up and verify the last two OS updates on my phone. Probably using Auditor.. or adb.

        • fid02 Yes, sure. There is a remote possibility the VPN app was malfunctioning, since it also sets those two options to enabled at install time. But it makes no sense, really.

          • fid02 Friends and family had their devices malfunctioning and were getting locked out of accounts. Manipulation of local filesystems, pcaps of floods, replay attacks and C2 traffic. All devices were up to date. The evidence would de-anonymize me. Context: I pissed off a large company. Central Europe.

          • fid02 Both VPN options (always on and don't allow connections outside of VPN) were disabled.

            • de0u I'm referring to the velocity. I don't know if it already happened on a massive scale. The malware seems to be able to spread via hijacked connections to Apple servers and they did it from privileged network positions. Even going through another iPhone's hotspot got it reinfected. Thanks to Apple for making such a mess of background connections.. Like getting root certs from random seeming Akamai hosts (not within "their" IP block). I've seen enough. Still kept an infected phone and MacBook but now it's dormant or has been remotely wiped.

              • fid02 Thank you for the reply - the VPN was not the issue, it reconnected instantly. I was uncomfortable with the automatic settings change.

                • Also, is there a way to see which updates have been installed? I guess it would have been 2024070900 and 2024071200.

                  • Another datapoint: Even old Android devices with Lineage are safer. Smaller target -> less off-the-shelf zero days.

                    • Having just experienced this myself - some people (with deep pockets or state actors) are infecting iPhones with malware en masse right now. Lockdown mode doesn't do anything. Apple devices are just too large a target nowadays, it seems. I could never go back.

                      • Hi there! I'm new to GOS and just had an event that got me a little concerned.
                        An OS update had been available for a few days, which I postponed until now. At the same time, I switched the system language which also prompted a restart of Play services. And also at the same time - and that's what got me concerned - one user profile took quite a while to load (approx. 10 seconds, I thought the session might have crashed) and afterwards wouldn't connect to its always-on VPN. Had a look in the settings and both options (always on and don't allow connections outside of VPN) were disabled. Other profiles didn't have that problem. It might be that the profile in question has more apps installed, which were "optimizing" at that moment.
                        Rebooted after the OS update finished and promptly got another OS update, which I'm now also installing.
                        Do you also find that concerning? Did I just do too many things at once?