MediaTek System On Chip - mtklogger malware
TallTim
post Jun 6 2018, 01:40 PM
Post #1

Ran across a blog post on Medium that referenced MediaTek's SoC and what he describes as a "keylogger" mtklogger as part of the package.

Reference - https://medium.com/@chpapa/review-after-two...ne-7dd8b550609a

If this is accurate, how exactly do we trust this in its default state as Gemini PDA's are shipped, and how do you remove/fix this?

If this is not the proper forum, I apologize, thought hardware may be the best area.

Thanks in advance for any guidance on this.
Murple2
post Jun 6 2018, 11:21 PM
Post #2

QUOTE(TallTim @ Jun 6 2018, 10:40 PM) *
Ran across a blog post on Medium that referenced MediaTek's SoC and what he describes as a "keylogger" mtklogger as part of the package.

Reference - https://medium.com/@chpapa/review-after-two...ne-7dd8b550609a

If this is accurate, how exactly do we trust this in its default state as Gemini PDA's are shipped, and how do you remove/fix this?

If this is not the proper forum, I apologize, thought hardware may be the best area.

Thanks in advance for any guidance on this.


There was discussion around this a month or so back; I came to the conclusion I wasn't too worried - no more than I am about the inclusion of hardware backdoors on every electronic device I own. If you were super paranoid you could sniff outbound traffic from the Gemini (the Ethernet adapter may be the easiest way to do this), but even this isn't foolproof.
I took a pragmatic approach and downloaded "Engineer Mode MTK" from the Play Store, which allowed me to disable a whole load of logs (which were already switched off anyway). Of course, maybe this app is malicious and I have made my device less secure.

I think I'll stick to pen and paper from now on...
mibry
post Jun 7 2018, 12:47 AM
Post #3

QUOTE(Murple2 @ Jun 7 2018, 08:21 AM) *
QUOTE(TallTim @ Jun 6 2018, 10:40 PM) *
Ran across a blog post on Medium that referenced MediaTek's SoC and what he describes as a "keylogger" mtklogger as part of the package.

Reference - https://medium.com/@chpapa/review-after-two...ne-7dd8b550609a

If this is accurate, how exactly do we trust this in its default state as Gemini PDA's are shipped, and how do you remove/fix this?

If this is not the proper forum, I apologize, thought hardware may be the best area.

Thanks in advance for any guidance on this.


There was discussion around this a month or so back; I came to the conclusion I wasn't too worried - no more than I am about the inclusion of hardware backdoors on every electronic device I own. If you were super paranoid you could sniff outbound traffic from the Gemini (the Ethernet adapter may be the easiest way to do this), but even this isn't foolproof.
I took a pragmatic approach and downloaded "Engineer Mode MTK" from the Play Store, which allowed me to disable a whole load of logs (which were already switched off anyway). Of course, maybe this app is malicious and I have made my device less secure.

I think I'll stick to pen and paper from now on...


If you are really worried about the mtklogger process, then it is best to install the rooted version of the firmware and use a firewall like AFWall+; it is available in the Play Store.
Murple2
post Jun 7 2018, 05:08 AM
Post #4

QUOTE
If you are really worried about the mtklogger process, then it is best to install the rooted version of the firmware and use a firewall like AFWall+; it is available in the Play Store.

I don't want to be a party pooper but rooting your device has security implications too.
joepirello
post Jun 7 2018, 06:23 AM
Post #5

I just froze the mtklogger app using TitaniumBackup. That should render it useless.
depscribe
post Jun 7 2018, 07:22 AM
Post #6

QUOTE(TallTim @ Jun 6 2018, 01:40 PM) *
Ran across a blog post on Medium that referenced MediaTek's SoC and what he describes as a "keylogger" mtklogger as part of the package.

Reference - https://medium.com/@chpapa/review-after-two...ne-7dd8b550609a

If this is accurate, how exactly do we trust this in its default state as Gemini PDA's are shipped, and how do you remove/fix this?

If this is not the proper forum, I apologize, thought hardware may be the best area.

Thanks in advance for any guidance on this.

It's not a keylogger, but in some respects it is just as bad, collecting a lot of information and if not phoning home with it at least leaving it exposed. Here's what NIST has to say:

https://nvd.nist.gov/vuln/detail/CVE-2016-10135
covex
post Oct 26 2018, 11:17 AM
Post #7

QUOTE(depscribe @ Jun 7 2018, 05:22 PM) *
QUOTE(TallTim @ Jun 6 2018, 01:40 PM) *
Ran across a blog post on Medium that referenced MediaTek's SoC and what he describes as a "keylogger" mtklogger as part of the package.

Reference - https://medium.com/@chpapa/review-after-two...ne-7dd8b550609a

If this is accurate, how exactly do we trust this in its default state as Gemini PDA's are shipped, and how do you remove/fix this?

If this is not the proper forum, I apologize, thought hardware may be the best area.

Thanks in advance for any guidance on this.

It's not a keylogger, but in some respects it is just as bad, collecting a lot of information and if not phoning home with it at least leaving it exposed. Here's what NIST has to say:

https://nvd.nist.gov/vuln/detail/CVE-2016-10135


Here you can find how to check and set off the mtklogger:

https://www.reddit.com/r/geminipda/comments...f_the_firmware/