FP1 vulnerable to Dogspectus threat?

Is the FP1 vulnerable to the Dogspectus (also: Cyber Police) threat?

Information from heise.de (German): Dogspectus: Erste Android-Geräte im Vorbeisurfen mit Exploit-Kit verseucht | heise online

While I am not sure if the OS is vulnerable, just don’t use the default browser (which anyways is not very secure).
Also I would recommend to regularly back up your data; not only because of Dogspectus :wink:

1 Like

Related to this:

3 Likes

It seems to be based on CVE-2014-3153 (Linux kernel) Local privilege escalation in futex syscall. That’s a very old one and should be patched already. If not, it’s time to switch to the unofficial 4.4.4 port from unknown sources. But if you read the thread @Stefan linked to it looks like they are/were “aware”. For the lack of a better word right now. I don’t see the CVE patched in a Changelog or something like that right now.

With other words: It is very insecure to use FP1? Well - this wasn’t the idea when I bought it and supported your project. And I never understood why the majority of smartphones aren’t able to upgrade their OS (FP1 included).

Four days ago I asked in thread FP1 vulnerable to Dogspectus threat? which answer Fairphone will give to users of FP1 to the very severe security problem with Android 4.2 - mainly if we can expect a security update very soon. But there was no answer. So all FP1 users are in danger with their phone? Very strange.

Link: https://www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware

Probably they didn’t read it, as they don’t have time to read everything on the community forum. This is why the welcome banner warns that it isn’t an official support channel:

So if you want a direct answer, consider filing a support request. The form is here, alternatively phone details are at the bottom of that page.

1 Like

Well, at Fairphone people are aware about the situation, and this has been discussed in numerous threads, so apparently many users see no need to start the whole discussion again.
From the official side, please have a look at this (as the topic also has been addressed on the Fairphone website in the past).

1 Like

Yes I know this statement - it was 5 (!) months ago - but such a severe security problem should be solved NOW and not later some time in “lifetime”.

1 Like

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.