A new approach to Re: Itch3: Anti-lost/theft protection -THE REAL PROBLEM APPEARED!

Attila Csipa plists at prometheus.org.yu
Thu Mar 1 12:32:21 CET 2007


On Thursday 01 March 2007 08:41, you wrote:
> later someone will write a Troyan Horse, some king of dialer (like for
> application made calls and sent smses. Openmoko kernel should log any
>
> What do you think?

There are two sides to this problem - one, the origin of software. This has 
actually been dealt with so we have examples like the Debian repositories 
which verify (gpg signatures, etc) packages so you know that the thing you 
are installing actually came from a place/person you trust. The other problem 
is just as present on regular PC-s, as you have trojans which, when run, 
change your dialup settings so you dial a high-price number on the other side 
the globe instead of your regular ISP. The second aspect is protection from 
malware. There are several solutions on this - proper user rights, 
virtualization, and filtering on the API level of the phone itself, best to 
combine all of these, since kernel logging won't help much if the trojan has 
root access and hides/works in the kernel as a module, for example.




More information about the community mailing list