Posts: 173 | Thanked: 160 times | Joined on Jan 2010 @ London, UK
#30
Originally Posted by retsaw
Yes, Flash is dangerous for all platforms; it is always best to use a Flash blocker where you have it installed so you don't automatically run every Flash applet you run across. You never know what unpatched exploits the black hats may know about, even for an up-to-date Flash plugin.

And yes, it is (at least on my part) an assumption, but I feel they are valid. Though the OP did take it a bit far by implying attackers will be overseeing their exploits and manually controlling them; this is quite unlikely.
retsaw: thanks for clarifying my post.

I actually think it's unlikely that the Flash exploits around for the older plugin we are forced to use had anyone go to the effort of updating them for ARM (& specifically the N900), but if anyone were to bother with that, it's not much of a stretch to assume they would also use the arbitrary execution of code on your phone to create tunnels to a shell. Note how shocked Google were when they found just how person-specific and targeted the trojan-based attacks on their internal network were. If you are hosting malicious embedded Flash, it's trivial to leave an automatic log-tailing-based process to alert you when you snag a victim.


So, in summary: these are valid concerns based on the fact that there really are arbitrary-code-execution-type exploits for the Flash version we ran*, but also, it's highly unlikely it's being exploited unless somebody wants to target you for something specific.

*With the vague possibility this was actually fixed...
I'm also interested in seeing that there was a slight version bump and wonder if they actually did backport the security fixes. It seems weird not to let us have 10.* instead.