Rank: 2 Rank: 2

1^# 跳轉到 » 倒序看帖

字體大小: tT

發表於 2015-3-9 19:10 | 只看該作者

小米手機預裝木馬程式官方否認

小米手機再爆出保安漏洞疑雲！美國手機安全公司Bluebox發現，其測試的小米手機4 LTE版本中內置了六款可疑應用程式（Apps），部份被視為惡意、間諜或廣告程式，其中一個名為“Yt Service”的應用程式，會偽裝成一個由Google提供的服務，以降低用戶戒心，並會在未經用戶同意下自行下載其他Apps，或在通知欄上發廣告等。另外，該手機亦有程式是木馬程式，容易黑客操控用戶的手機。

Bluebox又指，小米的手機操作系統MIUI，有多個安全漏洞，容易受到黑客攻擊。

對於Bluebox的指控，小米回應指出，對方所測試的手機並非在官方渠道購買。小米國際副總裁Hugo Barra表示，該MIUI亦非小米標準的操作系統，因為手機不會預裝惡意應用程式。不過Bluebox強調，小米仍須加強其手機認證的能力，令分銷商及消費者更容易辨認其官方生產的手機。

http://hk.apple.nextmedia.com/realtime/finance/20150309/53513221

0

0

shineon

中級會員

Rank: 2 Rank: 2

2^#

發表於 2015-3-9 19:39 | 只看該作者

好心您電子news 就咪睇apple喇
https://bluebox.com/blog/technic ... d-put-data-at-risk/

TOP

cpk 發短消息加為好友 cpk 當前離線 UID 213672 帖子 74898 精華 0 積分 27401 EPC Dollar 27401 註冊時間 2011-5-1 最後登錄 2021-6-13 Banned	3^# 發表於 2015-3-9 19:45 \| 只看該作者提示: 作者被禁止或刪除內容自動屏蔽

	TOP

ok12345

中級會員

Rank: 2 Rank: 2

4^#

發表於 2015-3-9 19:50 | 只看該作者

間公司係咪假嫁

TOP

yupikachu 發短消息加為好友 yupikachu 當前離線 UID 125600 帖子 5246 精華 0 積分 2647 EPC Dollar 2647 註冊時間 2008-9-19 最後登錄 2015-8-22 Banned	5^# 發表於 2015-3-9 19:53 \| 只看該作者提示: 作者被禁止或刪除內容自動屏蔽

	TOP

cleverever

進階會員

Rank: 3 Rank: 3 Rank: 3

6^#

發表於 2015-3-9 19:55 | 只看該作者

其實做測試為甚麼又不從官方途徑購賣呢？

TOP

samiux

進階會員

Rank: 3 Rank: 3 Rank: 3

7^#

發表於 2015-3-9 20:17 | 只看該作者

First of all, the original blog of BlueBox is here : https://bluebox.com/blog/technic ... d-put-data-at-risk/

Secondary, the BlueBox information security testing is not so professional.  They just use anti-virus/anti-malware programs to scan the device.  Why I say that, let me tell you.  I can very easily to bypass any anti-virus/anit-malware programs.  That means, those anti-virus/anti-malware programs cannot detect my malware.  Let me show you : http://www.infosec-ninjas.com/in ... rse_on_windows7_sp1

Meanwhile, a professional information security guy should confirm that vulnerabilities can be exploited or not.  Not just saying it has that vulnerability when we scan the device with this and that anti-virus/anti-malware programs.  How about false-positive?

In additional, as far as I know, the BlueBox get the device is not from the formal channel.  That is the question.  Everyone knows that everyone can make an Android ROM if he has the knowledge.

At last, this testing method is very similar to one of the test that conducted by one of the Information security companies in Hong Kong  for the TV Box from China.

The conclusion is that they are NOT PROFESSIONAL.

Samiux

TOP

活力寶蹄

進階會員

Rank: 3 Rank: 3 Rank: 3

8^#

發表於 2015-3-9 22:20 | 只看該作者

用得大陸機要預左送呢D

TOP

nilson1

中級會員

Rank: 2 Rank: 2

9^#

發表於 2015-3-9 22:20 | 只看該作者

Bluebox Labs has been talking with the security team at Xiaomi. The security team did provide some clarified feedback that we had sought out in our original disclosure on the security posture of the MIUI ROM that Xiaomi ships with its devices. The team ran Trustable by Bluebox on the device and received a score of 6.7, a much better score over what Bluebox found with the non-standard MIUI ROM.

TOP

knockhead 發短消息加為好友 knockhead 當前離線 UID 294304 帖子 5107 精華 0 積分 2523 EPC Dollar 2523 註冊時間 2014-2-13 最後登錄 2015-4-19 Banned	10^# 發表於 2015-3-9 22:36 \| 只看該作者提示: 作者被禁止或刪除內容自動屏蔽

	TOP

小米手機預裝木馬程式官方否認

[收藏此主題] [關注此主題的新回覆]

[通過 QQ、MSN 分享給朋友]

小米手機預裝木馬程式 官方否認

[收藏此主題] [關注此主題的新回覆]

[通過 QQ、MSN 分享給朋友]

小米手機預裝木馬程式官方否認