SN 757: The Fuzzy Bench

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

1 Like

@Leo, the problem is, those Android users who don’t upgrade in a 2 year cycle are also the ones that can’t afford an iPhone.

They tend to buy a low-end to mid-range phone every 5 to 7 years. That means, they invest 100€ - 300€ every 7 years in a new phone. I just don’t see any iPhone model in that price range (new or refurbished) that is also going to last 7 years, with support.

A 10 year old PC will still get updates, whether it is from Apple, Microsoft or open source. A 2 year old Android phone is lucky to get any updates. Case in point, my Huawei Mate 10 Pro stopped getting updates in December, just over 2 years after release, the same for my wife’s Huawei P-Smart.

My brother-in-law and his wife replaced their Samsung Galaxy S4 minis last summer; they were released in 2013 and I doubt they’ve had updates since 2014. Their new phones will probably be expected to last a similar amount of time (some low-end Samsung A-series, I think). For them it is just a “phone”. As long as their app du jour works, everything is hunky-dory.

5 Likes

You Nailed it big_D. I have an LG Rebel 4 OREO O/S, with Tracfone. I got a security update on 02/25/20 of this year. Surprised the hell out of me, hope I get more updates. I just use it to make calls.

It accumulates data minutes and texts like crazy, 8.76 gigs of data, 13492 texts, 7116 minutes. I have to buy them every month to keep my phone number, at $15 per month. That is affordable. I’ll never use all the minutes and stuff before I croak. I could not afford $100 a month for poor phone service, let alone a $600 phone.

2 Likes

I would love to see manufacturers unlock bootloaders so at least a few of us would have an easier time switching to a custom ROM that is updated. Also would like to see ROM developers use something like Patreon so they could be paid to provide security updates. Would be a shame for reasons below to see Android phones fade out and leave everything up to Apple.

1 Like

Why don’t they just buy a completely unlocked Android phone like a Xiaomi or OnePlus? This will give them the ability to upgrade the bootloader and Android software for years to come and allow security patches when they get released. Strangely, the price points will be similar to what they would expect from those of LG or Samsung phones.

Because they are too expensive (OnePlus, we are talking phones in the sub-200€ class), because they aren’t “known” over here (outside of Android fans) and because they are phone users. They have no idea what unlocking, bootloader etc. are.

2 Likes

Good. Don’t show them what it is but let them try it. This worked in the past with Google’s own products.

I acknowledge that there are un-patched vulnerabilities in a lot of Android phones. However:

  • Like the Intel vulnerabilities, we don’t hear about these being used in the wild
  • Most “hacking” comes from phishing or fake sites where people let their passwords out and their accounts get pwned. This can happen on any device. My relatives are prime examples.
  • The cell baseband and cell network software have much bigger flaws / issues
  • Google is scanning all devices with updated Play Services no matter what the age of the device - how come this is ignored as a mitigation?
  • I don’t think I have ever received a random SMS with a malformed media attachment - has anyone?
  • Most of my family only use their phones for Facebook and text messaging. They barely have bank accounts to check to see if they even have any money. They are way more likely to get their credit card number leaked.
  • When was the last time someone lost money to a hacker and the bank didn’t return the money? There is no penalty for flawed security today. But there is a penalty for not being connected.
  • There are soooo many vulnerabilities in everything. Why do we even report on them anymore? We should only report on those being exploited in the wild and only if they are widespread. Hackers find it easier to use social engineering than software engineering to hack someone.

I think this might have been the final thing that makes me finally realize that it’s not fun to listen to the TWiT network anymore. I’m going to make a soft rant here out of sadness. Hearing @Leo make this blanket statement about a whole ecosystem was a hard thing for me to hear today. I love the personalities and that is why I have been listening from the beginning of SN and the other shows. But I can’t relate to the topics anymore. I’ve never been able to afford a Mac computer. I can’t afford a high end car. I can’t afford to care about “build quality”, etc. Instead, I want to know about the gritty features of a product, I want to know about hidden value in products, I want to know about alternative uses for products, etc. etc. etc. I love @Leo and @JasonHowell and everyone else, but I miss the topics that Fr. Robert would cover, or the geeky stuff Leo would cover back in the days of the screensavers. I don’t care about clean user interfaces, I don’t care about easy, I want geeky nutty stuff. I’m tired of general mainstream computing. Leave that to Wired or the Verge. To give an example, the new AMD laptop chips are about to come out and TWiCH is the only show even slightly mentioning them. I’m tired of @Leo saying that a computer needs 16GB of RAM and that $1000 is the minimum for an entry level laptop. I’ve never spent more than $600 on a laptop. So maybe I’ll check in once in a while to see how the shows are doing, but I just unsubscribed from all of my TWiT shows and I am going to say goodbye everyone. I want to keep this constructive criticism because this really makes me sad. I’m not angry, just sad.

Except that the flaws are used in the wild.

Google was just caught with its pants down. Google’s Play Services malware checking on android devices and the store failed to detect 2/3 of currently active malware strains that are currently in the store and in the wild (2000 of around 6000 samples in the test, the other AV apps managed 98% to 100%…

Most hacking comes from infected websites and apps, either through the Play Store or other stores, as well as side loading.

Facebook are currently suing an Israeli company for actively exploiting a flaw in WhatsApp to spy on users.

There are people who have lost money and are suing AT&T because they can’t get reimbursed for the millions they lost.

Reporting raises awareness, and hopefully makes people think more about being secure.

Oh, and I am an android user.

Thank you @big_D, these are real stories and good examples of what I want to hear about. I feel like SN is Steve reading his notes or sometimes it feels like he is verbatim reading press releases from security researchers. Your list of stories is new to me and I’m somewhat sure I haven’t heard them on TWiT shows before. Maybe I’m wrong. For example, a lawsuit is a weak measure of how serious an issue is for the public. But again, I would love to hear the TWiT hosts discussing these items. Thank you again @big_D

Steve does sometimes read verbatim from security researchers’ press releases and articles, but he always picks reliable sources and also chimes in when needed. He is knowledgeable enough to separate the wheat from the chaff. And that is essential.

He has never been the most dynamic host on the TWiT network, but that is not the value he provides.

I look forward to Security Now every week, especially if there has been some major security news.

And frankly the security issues in Android are one of the main reasons I recommend iPhones to most people (and why I use one myself). I won’t use a phone (or computer) that is no longer receiving security updates. The longer support life and higher resale of iPhones helps mitigate the higher upfront cost somewhat.

2 Likes