Reply to post: The bad news

It's 2019 – and you can completely pwn millions of Qualcomm-powered Androids over the air

vtcodger Silver badge

The bad news

Now for the bad news. When exactly these fixes will filter down to actual Android users is not clear

What's unclear? Many, maybe most, of the vulnerable devices won't be fixed -- ever.

Let me add that if the number of major flaws potentially affecting security is -- at it appears to be -- very large (I'm thinking maybe 10**8 or so potential CVEs ... and growing daily), patching our way to security is simply unworkable. It won't/can't happen.

Likewise, expecting manufacturers to always deliver secure code and hardware is expecting the impossible. Probably they could do better, but it's far from clear they can do well enough -- even if they actually try -- to make much difference.

What's the answer?

My personal (inadequate) answer is to not own a smart phone, not use on-line banking, avoid PayPal and other digital dens of thieves as much as possible, and to back up my PC every other day. But I'm still exposed to security blunders by merchants, conventional banks, credit card companies, utilities, etc,etc,etc that have a real need for data about me.

Collectively, I think the answer might be something along the line of rethinking this "everything should be connected" idea. Maybe much less should be connected and what is connected ought to be subject to some rules based on a serious concern for security and user safety. I'm not sure that's enough, but it might be a start.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022