this post was submitted on 21 Sep 2023
32 points (100.0% liked)

Google Pixel

5955 readers
1 users here now

The World's Google Pixel community!

This community is for lemmings to gather and discuss all things related to the Google Pixel phone and other related hardware. Feel free to ask questions, seek advice, and engage in discussions around the Pixel and its ecosystem.

We ask you to be polite when addressing others and respect Lemmy.world's rules.

NSFW content is not allowed and will immediately get you banned.

It also goes without saying that self-promotion of any nature and referral links are not allowed. When in doubt, contact the mod team first.

Also, please, no politics.

For more general Android discussions, see [email protected].

This community is not in any way affiliated with Google. If you are looking for customer support regarding your Pixel phone, look here instead: https://support.google.com/pixelphone/

founded 2 years ago
MODERATORS
 

Hey guys!

It's almost time again for the latest and greatest iterations of Pixel devices, where Google will show off their newest hardware and software upgrades to the masses.

The event will debut on October 4th at 10 AM EST (https://dateful.com/convert/est-edt-eastern-time?t=10am&d=2023-10-04), showcasing what's to be the Pixel 8, Pixel 8 Pro, and likely the Pixel Watch 2.

Rumors indicate signs pointing to a new Tensor chip in the Pixel devices, temperature sensors, Magic Audio removal features for video clips, and even a Qualcomm-based chip in the Pixel Watch 2.

Feel free to watch the event and sign up to be notified when it's live, at the following YouTube link: https://www.youtube.com/watch?v=pxlaUCJZ27E

See you all soon!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 1 year ago (1 children)

So do you argue that all manufacturers should get rid of the usb port as well and switch to wireless charging because juicejacking is a thing?

That's a really poor argument to make when the usb port is more prone to attacks (as it requires 0 app use on the user front) vs sd cards, which requires a user to hand over permissions.

[–] hackitfast 3 points 1 year ago (1 children)

If you yank out an SD card on it from a phone that was forgotten behind:

  1. You now have access to all of the potentially unencrypted files on it
  2. Threat actors can replace trusted files with malicious ones to exploit potential vulnerabilities in applications running on the Android device
  3. In 5 seconds you've walked away with it, as opposed to a laptop which requires you to physically unscrew it

If you have a phone without an SD card they only have access to the USB port, which is locked with software and in some cases hardware. Removing the SD card slot is one less attack vector, it will make the device more secure one way or another.

Leaving your laptop around someone can also yank the SSD. Modern laptop operating systems generally have the option to encrypt their storage devices.

You can encrypt microSD cards but you must do file transfers through the phone itself through USB which I guess is no different than having an encrypted drive on a laptop. I haven't looked into how modern SD encryption works on Android.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (1 children)

Arguing security flaws based on someone having physical acess to a device is on a completely different level of vulnerabilities.

Thats like treating vulnerabilities like Spectre/Meltdown/Downfall/Zenbleed on the same category as ones that require physical access to the machine, many which dont get names due to being severe is small because they are firmware patched quickly.

On the topic of SD card encryption, its not native to android, however many companies who offer sd card models(e.g Samsung) have encryption as a setting put in theirselves.

[–] hackitfast 1 points 1 year ago (1 children)

In computer security, you always have to consider both physical and digital security. They go hand in hand.

You can put as many passwords on a computer as you want but as soon as you have local access to a computer or storage device it's game over.

Check out the 8 security domains in relation to computer security.

https://www.itgovernance.co.uk/blog/the-8-cissp-domains-explained#asset-security

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago)

You consider them, but they are never treated on the same level of threat.

Ironic that youd post something from the UK, given they just banned end to end encyption of messaging.