Thread
:
Planet Cosmo Communicator
View Single Post
xelo
2019-12-29 , 19:49
Posts: 48 | Thanked: 191 times | Joined on Jan 2016 @ Münsterland, Germany
#
28
I did not verify the contents of the following link, yet:
https://wuffs.org/blog/pulling-apart...emfota-updater
There seem to be MAJOR security issues with the OTA Updater of the cosmo.
and the content of the website makes me switch back to my S4-Mini with aokp, once I'm back at home.
I had a short glimpse at the mentioned OTA-Update for the Cover display.
(the website says, the CODI updater updates from here:
http://fota.planetcom.co.uk/stm32fla...e_versions.txt
which is only available via http, and the binaries which are flashed to the outer display are also only available by http). If i would like to persist malware on a cosmo, I'd chose the CODI subsystem.
I need to verify the URLs with wireshark once I'm back home.
Edit: This is the authors twitter thread for this issue:
https://twitter.com/_Ninji/status/1201275091297931268
Last edited by xelo; 2019-12-29 at
20:21
.
Quote & Reply
|
The Following 4 Users Say Thank You to xelo For This Useful Post:
juiceme
,
olf
,
Wikiwide
,
xman
xelo
View Public Profile
Send a private message to xelo
Find all posts by xelo