view the rest of the comments
Google Pixel
The World's Google Pixel community!
This community is for lemmings to gather and discuss all things related to the Google Pixel phone and other related hardware. Feel free to ask questions, seek advice, and engage in discussions around the Pixel and its ecosystem.
We ask you to be polite when addressing others and respect Lemmy.world's rules.
NSFW content is not allowed and will immediately get you banned.
It also goes without saying that self-promotion of any nature and referral links are not allowed. When in doubt, contact the mod team first.
Also, please, no politics.
For more general Android discussions, see !android@lemmy.world.
This community is not in any way affiliated with Google. If you are looking for customer support regarding your Pixel phone, look here instead: https://support.google.com/pixelphone/
https://www.engadget.com/2011-01-29-android-2-3-security-bug-shows-microsd-access-vulnerability.html
https://www.techtimes.com/articles/233214/20180813/android-exploit-uses-sd-cards-heres-how-to-protect-yourself-against-man-in-the-disk-attacks.htm
It's been well documented. They can also use them to place malicious files on and potentially gain access to the phone by having the Android phone read them and run malicious code.
So do you argue that all manufacturers should get rid of the usb port as well and switch to wireless charging because juicejacking is a thing?
That's a really poor argument to make when the usb port is more prone to attacks (as it requires 0 app use on the user front) vs sd cards, which requires a user to hand over permissions.
If you yank out an SD card on it from a phone that was forgotten behind:
If you have a phone without an SD card they only have access to the USB port, which is locked with software and in some cases hardware. Removing the SD card slot is one less attack vector, it will make the device more secure one way or another.
Leaving your laptop around someone can also yank the SSD. Modern laptop operating systems generally have the option to encrypt their storage devices.
You can encrypt microSD cards but you must do file transfers through the phone itself through USB which I guess is no different than having an encrypted drive on a laptop. I haven't looked into how modern SD encryption works on Android.
Arguing security flaws based on someone having physical acess to a device is on a completely different level of vulnerabilities.
Thats like treating vulnerabilities like Spectre/Meltdown/Downfall/Zenbleed on the same category as ones that require physical access to the machine, many which dont get names due to being severe is small because they are firmware patched quickly.
On the topic of SD card encryption, its not native to android, however many companies who offer sd card models(e.g Samsung) have encryption as a setting put in theirselves.
In computer security, you always have to consider both physical and digital security. They go hand in hand.
You can put as many passwords on a computer as you want but as soon as you have local access to a computer or storage device it's game over.
Check out the 8 security domains in relation to computer security.
https://www.itgovernance.co.uk/blog/the-8-cissp-domains-explained#asset-security
You consider them, but they are never treated on the same level of threat.
Ironic that youd post something from the UK, given they just banned end to end encyption of messaging.
Taking someones phone to then put a file on it is not something I would call a security risk, let alone one that warrants removal of such a basic feature.
At that point, there are WAY more severe AND realistic attacks happening. Relevant XKCD this reminds me of.