this post was submitted on 31 May 2024
0 points (NaN% liked)

Technology

59566 readers
3407 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 20 comments
sorted by: hot top controversial new old
[–] jgomo3@lemmy.world 0 points 5 months ago

"you do need to restart your phone regularly to rid it of demons"

typo: "daemons", not "demons".

[–] henfredemars@infosec.pub 0 points 5 months ago* (last edited 5 months ago) (2 children)

You do it because it makes an attacker’s life harder because now I have to find two bugs instead of one.

The entire boot chain of the phone up to the apps you run are verified successively by the component that loads it. A digital signature helps ensure that only trustworthy code ever runs. A bug must be found to bypass these checks to load malware code. For example, a bug in the image code in a web browser might cause loading of code that isn’t checked. This way the malware gets smuggled onto the phone.

This means that if you get hacked via one bug and malware is loaded, the attacker has to work harder to solve the problem of how do I convince the phone to load it again at boot because the code it’s made of isn’t going to be approved code. When you reboot, you are effectively forcing a validation that all the code you have running is authentic, which would exclude the malware. Trick me once sure, can you survive a full pat down? Probably not. It’ll get caught.

Unless I have a second bug to fool the normal code loading systems too, the malware can’t run. You have to go back and trigger the first bug again somehow, which places more strain on the attacker.

[–] cranakis@reddthat.com 0 points 5 months ago (1 children)

Thanks for taking the time to write that out. I found it really helpful.👍

[–] henfredemars@infosec.pub 0 points 5 months ago (1 children)

I love to talk about computer security. I don’t get the chance often enough.

[–] Chozo@fedia.io 0 points 5 months ago (1 children)

I hope you get more chances to do so; you explained the situation in a much better way than the article and convinced me to reboot my phone.

[–] SeekPie@lemm.ee 0 points 5 months ago* (last edited 5 months ago)

You restart your phone because of security.

I 'restart' my phone, because it's overheated and lost its battery % to 0.

We're not the same.

[–] some_boring_username@lemm.ee 0 points 5 months ago (1 children)

Exactly, as you already explained in detail this is primarily for security.

GrapheneOS has a feature to set a time after which the phone reboots in case there was no unlock. So in case a bad actor gets your phone they only have that time with a running system after the first unlock. However, if you use it normally, and unlock it in regular intervals it does not auto-reboot. This is especially neat if your threat level is not "investigative journalist" or "political activist on the run", because then you can set the time to a longer interval and the phone does not reboot every night when you are asleep which also leads to the SIM card being locked and nobody being able to call you...

[–] henfredemars@infosec.pub 0 points 5 months ago (1 children)

I remember this feature, and I wish it was a standard Android feature. It sounds like it would be trivial to implement and could be completely optional.

[–] essell@lemmy.world 0 points 5 months ago (1 children)

I wonder if tasker could do it... 🤔

[–] henfredemars@infosec.pub 0 points 5 months ago (1 children)

I don’t think applications can reboot the phone.

[–] TonyOstrich@lemmy.world 0 points 5 months ago

Technically they can.....but it requires root which within the context of this conversation yeah, you're right, lol

[–] drawerair@lemmy.world 0 points 5 months ago (1 children)

I'm doubtful. I wanna hear more from security experts.

[–] deadcade@lemmy.deadca.de 0 points 5 months ago

The bootloader of your phone (if locked) is one of the most secure parts. It's very hard to get into a modern phones bootloader. In contrast, finding an exploit in a running phone is a lot more feasible.

If a vulnerability was abused to get into your running phone, it will persist until the phone reboots, and the bootloader verifies the core parts of the operating system at startup. In order to persist past a reboot, malware like that would need a vulnerability in the bootloader, or a bypass for its integrity checks.

Alongside that, any background services ("daemons") that got stuck or became slow over time are forced to restart. Operating system updates can be applied, and working memory is cleared.

In general, it's just good advice to just reboot your phone once in a while. There's no harm in doing so.

[–] altima_neo@lemmy.zip 0 points 5 months ago (1 children)

Jokes on them, my S22 Ultra restarts in it's own. Even when I don't want it to.

[–] kromem@lemmy.world 0 points 5 months ago* (last edited 5 months ago) (1 children)

Replace your battery.

Your phone is 2 years old.

Phone batteries are typically designed to last around 2 years before they really degrade because a lot of people buy new ones around every 2-3 years.

When the battery can't sustain the same throughput, the phone can handle this in one of two ways.

  1. Slow the phone down. This is what Apple does and why people with iPhones 2 years old complain the new update slowed their phone down.

  2. Don't slow it down but if the throughput drops below what's needed, die and reboot. This is what your phone is doing.

Getting a new battery will probably stop this behavior (and for iPhone users reading this, getting a new battery for a 2 year old phone will make your phone faster).

Edit: Seems some of you don't believe me looking at the downvotes. Look at number 8 in this list: https://helpdeskgeek.com/help-desk/why-your-android-phone-keeps-restarting-and-9-ways-to-fix/

[–] p5yk0t1km1r4ge@lemmy.world 0 points 5 months ago (1 children)

I have an s22 ultra as well, and it's fine? Sounds more like they have some rogue apps causing the restart.

[–] altima_neo@lemmy.zip 0 points 5 months ago

Didn't really have much installed aside from revanced and Firefox

[–] pewgar_seemsimandroid@lemmy.blahaj.zone 0 points 5 months ago (1 children)

finaly the nsa doesn't do something stupid

[–] ruse8145@lemmy.sdf.org 0 points 5 months ago (1 children)

I'd love to see your list of "stupid" things... not immoral, vicious, incendiary, criminal, etc...but stupid. None of those things is stupid if they are also your fundamental mandate.

✨ Us government instance discovered ✨