Hacker News new | past | comments | ask | show | jobs | submit login

Except that popular chipsets (ie: get community support due to device saturation) do see vulnerabilities published past the point of support. I trust Qualcomm's ability to develop their modem driver (which is an entire Linux install) very little, and I trust it's ability to stand the test of time to be even less.

I'm not sure I'm saying it's a total loss, but I feel a bit lost on what to do as well. Do I think Google will support their Tensor chips longer? Not really.

I feel like I still lean towards buying a portable hotspot, a small Android tablet, and calling it good. I already get calls over VOIP and SMS/MMS over jmp.chat so I don't really need a "cellular phone". But also, ugh, those portable hotspots are probably even more of a vendor-ware security nightmare. At least I could upgrade them independently and somewhat treat it as isolated, if I only connect over Wifi? Maybe?




If the mere possibility of a bug is a show stopper, you really shouldn't use anything because this possibility always exists --- with all hardware and software.


I think there's a difference in saying "software tends to be buggy, security can't be perfect" vs "I'm using a baseband modem running out-of-date Linux, that has DMA to my entire phone, that the manufacturer has stopped supporting, and there's active CVEs".

> Without physical possession of the device, access to drivers passes through the OS.

With all due respect, that is not a wise take on modern device security. At all, all, all.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: