The Man wrote:

>
>> The only reason it's not *also* a windows problem is that windows can't
>> possibly run on a cellphone....
>
> http://www.windowsfordevices.com/art...468909181.html
>
> Do you have any other clueless comments you'd like to make Cpt Dungo?

Those are "smartphones" and PDA. Not what I call a cellphone. My
linux-based Motorola is about 3.5 x 1.75", way smaller and lighter than
the PDAs listed in that article.

>> As to the "horror story" - why don't they get a prepaid phone?
> Because prepaid phones suck.
>
>> Or do away with cell phones altogether?
> Sure. And let's do away with electricity too.

I have 5 stray cats that like to roll around on a particular doormat on
my deck. It's really aggavating, as they fight over it, and leave
cat**** and cathair all over the place.

I could call the paper and police and whatever, and whine about the
horrible state of stray cats.

Or I could just fold the doormat over so the cats can't get to the
scratchy part.

Hmmm... You decide.

And, BTW, I've met Einstein's daugher and secretary several times. And
sat in his chair. (And probably peed in the same urinal....) So
calling me "Einstein" is pretty neat.

--Yan

The Ghost In The Machine wrote:
> In comp.os.linux.advocacy, CptDondo
>
>>
>> Presumably, once the phone is off, the linux kernel is not running; yet
>> according to the reports, the phone can still transmit conversations.
>
> That is an interesting but probably false assumption,
> though I'll admit to some curiosity on the details.
> Presumably, there are three modes:
>
> [1] The thing is really off, as in
> removal-of-the-battery-pack off. Some might also
> have a power switch that cannot be remotely actuated.
> Windows, Linux, Symbian, HURD -- it doesn't matter;
> only one's finger (or brushing against something)
> can flip that switch.
>
> [2] The thing is in a mode where it takes a minimum of
> power, listening to its antenna at most, waiting
> for a call. IINM, this is "standby" mode, and is
> characterized by low power consumption. This is the
> mode which is allegedly hackable, according to the OP.
> Whether it's actually possible may depend on the phone.
>
> [3] The thing is on and the mike and speaker are active,
> either for an actual phone call or for video.
>
> Which mode is everyone's cell phone in? Most likely, [2].
> This is not off, just on standby.
>

I am somewhat curious about this as well. All the phones I've seen,
when "off" - i.e. power button pushed - are pretty much doorstops. When
you push the power button, they go through a boot process - display a
logo, show some graphics, play a cheesy sound - so I would assume the
kernel is booting.

I can't see how a phone in the off state can transmit anything unless
specially modified.

In standby, there is a way for the phone to wake up - incoming calls,
flip it open, etc. Presumably in this state the phone can be updated
remotely.

I actually turn mine off quite a bit; whenever I don't want to be
disturbed. Heck, I leave it at home when I go on vacation.

I still stand by my original statement - if the phone bothers you, get
rid of it. It's really simple. Use a landline.

On Jun 28, 3:43 pm, "Cassandra" wrote:
> Her advocates claim Linux is more secure than Windows and as proof they
> offer
> the list of viruses that target Windows. The rebuttal is typically that
> Window is an attractive target for virus writers due to its ubiquity. The
> Linux advocate's reply is that, Linux's architecture makes it impossible to
> hack. I think we've all seen this exchange. Whether Linux is immune from
> hacking is an open question. What if Linux were ubiquitous? Would hackers
> try to break in? Could hackers succeed? The answer to these questions is
> yes.
>
> Motorola has embraced Linux as the OS to run on its line of cell phones
> (http://news.com.com/2100-1001-984424.html). The following link includes
> over a dozen cell phone offering, including the Razr, which feature Linux:http://www.linuxdevices.com/news/NS4504156025.html. Motorola is a leading
> cell phone company. Motorola's market share has reached the critical mass
> required to make the devices attractive to the l33t haxtorz.
>
> Cell phones are venerable to a security threat called 'The Roving Bug'. The
> bug allows people to listen in on you conversations even when the cell phone
> is off. People can remotely turn on your cell phone, listen in on your
> conversations, upload and download data, and take photos without you knowing
> it. The only way to secure your cell phone and your privacy is to remove
> the
> battery.
>
> Here's what one site has to say:
>
>
> Nextel and Samsung handsets and the Motorola Razr are especially vulnerable
> to software downloads that activate their microphones, said James Atkinson,
> a
> counter-surveillance consultant who has worked closely with government
> agencies. "They can be remotely accessed and made to transmit room audio all
> the time," he said. "You can do that without having physical access to the
> phone."
>
> Because modern handsets are miniature computers, downloaded software could
> modify the usual interface that always displays when a call is in progress.
> The spyware could then place a call to the FBI and activate the microphone--
> all without the owner knowing it happened
> http://hootsbuddy.blogspot.com/2006/...oving-bug.html
>
> The article says, ". the Motorola Razr [running Linux] are especially
> venerable ."
>
> It turns out that Linux's security model is porous as a sieve. Devices
> running Linux are being hacked and taken over by remote hackers. The
> security hole persists even when the device is turned off. But is it some
> secret 'back door' that only the government knows how to access? Nope, the
> world knows how to by pass and exploit Linux's so-called security. Here's a
> horror story describing the hell created because of Linux's weak security:http://www.thenewstribune.com/news/c...ory/91460.html.
>
> I am sure so will say, "B-b-b-but Windows blah, blah, blah." to which I
> reply, "Irrelevant!"
>
> This issue is about a bug in Linux. This is about a known bug in Linux
> that's been hanging around for months. It is a bug a known bug in Linux
> that's been hanging around for months that has not been fixed. This is
> about
> a security hole in Linux. Windows is not the issue here. This is a Linux
> problem and not a Windows problem.

This post is weird, because it has more to do with how the phone was
designed and how they made their linux flavor work, than an actual
problem with linux. Not only that, since the phone os is closed
source, it's their responsibility to fix the bug anyway, and the OSS
community doesn't have anything to do with it. I'm going to go ahead
and make a generalized statement about telco -- they way over-
complicate things so they can charge outrageous prices for their
support. This is nothing more than a phone company doing the same as
phone companies have always done.

Really this is a linux advocacy forum and you bringing an argument in
here about an embedded os on a propietary system doesn't really fight
linux or support it, stick to the cellular forums

tblanchard001@gmail.com wrote:

> On Jun 28, 3:43 pm, "Cassandra" wrote:
>> Her advocates claim Linux is more secure than Windows and as proof they
>> offer
>> the list of viruses that target Windows. The rebuttal is typically that
>> Window is an attractive target for virus writers due to its ubiquity.
>> The Linux advocate's reply is that, Linux's architecture makes it
>> impossible to
>> hack. I think we've all seen this exchange. Whether Linux is immune
>> from
>> hacking is an open question. What if Linux were ubiquitous? Would
>> hackers
>> try to break in? Could hackers succeed? The answer to these questions
>> is yes.
>>
>> Motorola has embraced Linux as the OS to run on its line of cell phones
>> (http://news.com.com/2100-1001-984424.html). The following link includes
>> over a dozen cell phone offering, including the Razr, which feature
>> Linux:http://www.linuxdevices.com/news/NS4504156025.html. Motorola is a
>> leading
>> cell phone company. Motorola's market share has reached the critical
>> mass required to make the devices attractive to the l33t haxtorz.
>>
>> Cell phones are venerable to a security threat called 'The Roving Bug'.
>> The bug allows people to listen in on you conversations even when the
>> cell phone
>> is off. People can remotely turn on your cell phone, listen in on your
>> conversations, upload and download data, and take photos without you
>> knowing
>> it. The only way to secure your cell phone and your privacy is to remove
>> the
>> battery.
>>
>> Here's what one site has to say:
>>
>>
>> Nextel and Samsung handsets and the Motorola Razr are especially
>> vulnerable to software downloads that activate their microphones, said
>> James Atkinson, a
>> counter-surveillance consultant who has worked closely with government
>> agencies. "They can be remotely accessed and made to transmit room audio
>> all the time," he said. "You can do that without having physical access
>> to the phone."
>>
>> Because modern handsets are miniature computers, downloaded software
>> could modify the usual interface that always displays when a call is in
>> progress. The spyware could then place a call to the FBI and activate the
>> microphone-- all without the owner knowing it happened
>> http://hootsbuddy.blogspot.com/2006/...oving-bug.html
>>
>> The article says, ". the Motorola Razr [running Linux] are especially
>> venerable ."
>>
>> It turns out that Linux's security model is porous as a sieve. Devices
>> running Linux are being hacked and taken over by remote hackers. The
>> security hole persists even when the device is turned off. But is it
>> some
>> secret 'back door' that only the government knows how to access? Nope,
>> the
>> world knows how to by pass and exploit Linux's so-called security.
>> Here's a horror story describing the hell created because of Linux's weak
>> security:http://www.thenewstribune.com/news/c...ory/91460.html.
>>
>> I am sure so will say, "B-b-b-but Windows blah, blah, blah." to which I
>> reply, "Irrelevant!"
>>
>> This issue is about a bug in Linux. This is about a known bug in Linux
>> that's been hanging around for months. It is a bug a known bug in Linux
>> that's been hanging around for months that has not been fixed. This is
>> about
>> a security hole in Linux. Windows is not the issue here. This is a
>> Linux problem and not a Windows problem.
>
> This post is weird, because it has more to do with how the phone was
> designed and how they made their linux flavor work, than an actual
> problem with linux. Not only that, since the phone os is closed
> source, it's their responsibility to fix the bug anyway, and the OSS
> community doesn't have anything to do with it. I'm going to go ahead
> and make a generalized statement about telco -- they way over-
> complicate things so they can charge outrageous prices for their
> support. This is nothing more than a phone company doing the same as
> phone companies have always done.
>
> Really this is a linux advocacy forum and you bringing an argument in
> here about an embedded os on a propietary system doesn't really fight
> linux or support it, stick to the cellular forums

It probably developed that way. It started off as the relative merits of
Linux vs Windows. Then it became "This is a Linux issue, therefore it is a
matter for the Linux community," which is false. It overlooked the point
that Linux is not the same thing as Open Source - the two simply go hand in
hand, most of the time. At least it remained technical. Many threads go
off at a tangent - usually humorously.

Actually, I am becoming the Roving Blog - more interested in garrulous
blogging than in contributing usefully. Wish never to grow old.

Doug.
--
I am a part of all that I have met.
- Lord Tennyson, "Ulysses."

On 2007-06-29, CptDondo wrote:
> I am somewhat curious about this as well. All the phones I've
> seen, when "off" - i.e. power button pushed - are pretty much
> doorstops. When you push the power button, they go through a
> boot process - display a logo, show some graphics, play a
> cheesy sound - so I would assume the kernel is booting.
>
> I can't see how a phone in the off state can transmit anything
> unless specially modified.

That's actually the point of roving bug mode. Once this mode is
activated, a "turned off" phone is no longer, strictly speaking,
off. The screen is off and the thing won't accept calls to the
owner, but despite all appearances it's secretly doing the
network operator's bidding.

On the other hand, I don't know what the precise mechanism for
enabling roving bug mode is -- does the phone check in with the
network as it shuts down as to whether it's supposed to stay
awake? Does a turned-off cell phone actually periodically power
up to check the network for roving bug status? It's an
interesting technical question, even if it does give me the
heebie jeebies...

--
Mark Shroyer
http://markshroyer.com/

CptDondo wrote:

> The Ghost In The Machine wrote:
>
> I am somewhat curious about this as well. All the phones I've seen,
> when "off" - i.e. power button pushed - are pretty much doorstops. When
> you push the power button, they go through a boot process - display a
> logo, show some graphics, play a cheesy sound - so I would assume the
> kernel is booting.

On most designs, the power button is a software thing. What you see
is a simulation of 'OFF' - display and radio get shut down, the processor
goes on a slow clock and the power consumption drops low enough to
not matter any more.

Some simple phones go through a "boot process" when switched on, but
most modern ones actually just come out of what you would call hibernation
for a laptop.

Some phones take minutes to boot when they start from scratch.

>
> I can't see how a phone in the off state can transmit anything unless
> specially modified.

It normally doesn't. But the software in the phone is exchangeable and
on many phones this can be done remotely over the network. Law enforcement
can and will do this.

There is no hardware feature which could stop the software to fire up
the radio and transmit a conversation while you think the phone is off.

>
> In standby, there is a way for the phone to wake up - incoming calls,
> flip it open, etc. Presumably in this state the phone can be updated
> remotely.

Again, this is behavior entirely defined by software. There is a
good chance that a software update can only happen when in standby,
but after that, all bets are off.

The only sure-fire way to switch the phone off is to pull the battery.
It takes energy to transmit and apart from the battery, a phone can
not store any significant amount of energy.

BTW, the 'bug' in "roving bug" is not a bug in a software sense. It's
a surveillance bug, which may or may not be implemented by hacking or
otherwise modifying a phone.

Kind regards,

Iwo

In article ,
The Ghost In The Machine wrote:

>[1] The thing is really off, as in
> removal-of-the-battery-pack off. Some might also
> have a power switch that cannot be remotely actuated.
> Windows, Linux, Symbian, HURD -- it doesn't matter;
> only one's finger (or brushing against something)
> can flip that switch.

Is there another battery inside that isn't removable?

--
http://www.spinics.net/lists/