Bafumanise ukuba i-Realme, i-Xiaomi kunye nee-smartphones ze-OnePlus zivuza idatha yomntu

Darkcrizt

Imizuzu ye4

ukuvuza kwedatha kwii-smartphones

Ubumfihlo benkqubo yokusebenza ye-Android phantsi kweglasi yokukhulisa

Kutshanje kwavela iindaba ukuba iqela abaphandi abavela kwiYunivesithi yase-Edinburgh bapapashe umphumo de uhlalutyo olwenziwe kwi Iimpawu ze-smartphones I-Realme, i-Xiaomi kunye ne-OnePlus kubonelelwe kwiimarike zaseTshayina nakwihlabathi apho bafumanise ukuba ezi babenento ethile, “ukuvuza kwedatha yobuqu”.

Kufunyenwe ukuba zonke izixhobo ezine-firmware ezithengiswayo e-China zithumela ulwazi olongezelelweyo kwiiseva zokuqokelelwa kwe-telemetry, njengenombolo yefowuni yomsebenzisi, izibalo zokusetyenziswa kwesicelo, kunye nedatha yendawo, i-IMSI (iNombolo yoMrhumo womntu ngamnye), i-ICCID (iNombolo ye-SIM khadi) kunye namanqaku ajikeleze iindawo zofikelelo ezingenazingcingo. Kwakhona, izixhobo zeRealme kunye ne-OnePlus ziye zaxelwa ukuba zisasaza umnxeba kunye nembali yeSMS.

I-China ngoku lilizwe elinelona nani likhulu labasebenzisi be-smartphone be-Android. Sisebenzisa indibanisela yobuchule bokuhlalutya ikhowudi emileyo kunye neguqukayo ukuze sifunde idatha ehanjiswa zii-apps zenkqubo efakwe kwangaphambili kwii-smartphones ze-Android ezisuka kubathengisi abathathu abadumileyo eTshayina.

Sifumene ukuba inani elothusayo lomthengisi wenkqubo efakwe ngaphambili kunye neeapps zomntu wesithathu zinamalungelo ayingozi.

Kufanelekile ukuba ukhankanye loo nto kwi-firmware yemarike yehlabathi, umsebenzi onjalo awujongwa ngaphandle kwezinye izintoNgokomzekelo, izixhobo ze-Realme zithumela i-MCC (ikhowudi yelizwe) kunye ne-MNC (ikhowudi yenethiwekhi yeselula), kunye nezixhobo ze-Xiaomi Redmi zithumela idatha malunga ne-Wi-Fi edibeneyo, i-IMSI, kunye neenkcukacha zokusetyenziswa.

Nokuba luhlobo luni lwe-firmware, zonke izixhobo zithumela isichongi se-IMEI, uluhlu lwezicelo ezifakiweyo, uguqulelo lwendlela yokusebenza kunye neeparamitha zehardware.. Idatha ithunyelwa ngumvelisi-efakwe kwizicelo zenkqubo ngaphandle kwemvume yomsebenzisi, ngaphandle kwesaziso sokuhanjiswa, kwaye kungakhathaliseki ukuba iisetingi zabucala kunye nokuhanjiswa kwe-telemetry.

Ngohlalutyo lwetrafikhi, sifumanise ukuba uninzi lwezi pakethi zinokuthumela kwiindawo ezininzi zomntu wesithathu ulwazi oluyimfihlo olunxulumene nesixhobo somsebenzisi (izazisi ezizingileyo), i-geolocation (GPS).
ulungelelaniso, izazisi ezinxulumene-network), iprofayile yomsebenzisi (inombolo yefowuni, ukusetyenziswa app) kunye nobudlelwane ekuhlaleni (umzekelo, imbali call), ngaphandle kwemvume okanye isaziso.

Oku kubangela ukungachazwa kwamagama kunye nokulandelwa okunzulu, kunye nemingcipheko ephalala ngaphandle kweTshayina xa umsebenzisi esimka.
yelizwe, kwaye icela unyanzeliso olungqongqo ngakumbi lomthetho wabucala wedatha owamkelweyo.

efowunini Redmi, idatha ithunyelwa kwi-host tracking.miui.com xa uvula kwaye usebenzisa ii-apps ezifakwe ngaphambili zomenzi ezifana neSetingi, amanqaku, iRekhoda, iFowuni, iMiyalezo, kunye neKhamera, kungakhathaliseki ukuba imvume yomsebenzisi, ukuthumela idatha yokuxilonga ngexesha lokusetha kokuqala. kwizixhobo I-Realme kunye ne-OnePlus, idatha ithunyelwa kwi-host log.avlyun.com, aps.oversea.amap.com, aps.testing.amap.com okanye aps.amap.com.

Umncedisi we-tunneling ufumana uxhulumaniso olusuka kwifowuni kwaye lugqithise kwiindawo ezijoliswe kuzo, kukhankanyiwe ukuba abaphandi baphumeze i-proxy engumlamli ukuze bakwazi ukunqanda kunye nokucima i-HTTP / HTTPS i-traffic.

Ukwenzela ukwahlula ngokupheleleyo izicelo eziqaliswe yifowuni yeHuawei kwiMiyalezo Yamafu esetyenziselwa ukubeka esweni umatshini wenyani osingethelweyo (VM), itonela ebizwa ngokuba yi-tunneling proxy server yenziwa. Baphinde baqhuba i-mitmproxy 8.0.0 kunye neemvume ze-superuser kwi-port 8080 kwi-VM kunye ne-iptables eziqwalaselweyo ukuqondisa kwakhona nayiphi na imidibaniso ye-TCP e-tunneled kwi-locahost:8080.

Ngale ndlela, i-mitmproxy inxibelelana nefowuni egameni lezicelo ezivela kwiisiphelo zomncedisi kwaye iqalise izicelo ezitsha kwiindawo zokuphela kweseva yendawo ngokubeka njengefowuni, ivumela i-mitmproxy ukuba ibambe isicelo ngasinye.

Kwiingxaki ezichongiweyo, ukubandakanywa ekuhanjisweni kwezicelo ezongezelelweyo zomntu wesithathu, ezinikwe iimvume ezongeziweyo ngokungagqibekanga, nazo zivelele. Lilonke, xa kuthelekiswa ne-Android AOSP codebase, i-firmware nganye eqwalaselwayo iza nezicelo ezingaphezu kwe-30 zeqela lesithathu ezifakwe ngaphambili ngumenzi.

Okokugqibela, ukuba unomdla wokwazi okungakumbi ngayo, unokujonga kwi iinkcukacha kwikhonkco elilandelayo.


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.

  1.   typhus sitsho
    yenzayo 1 ngonyaka

    Yintoni into entsha, oko akwenzeki kuphela ngeefowuni zaseTshayina, kwenzeka kuzo zonke iifowuni eziphathwayo emhlabeni kwaye nabani na okholelwa ngenye indlela akanalwazi.

    sabela kwi-typhus
  2.   user12 sitsho
    yenzayo 1 ngonyaka

    Kuyinyani ukuba iifowuni eziphathwayo ziyi-data evuzayo kwaye oku akumangalisi, kodwa kunikwe ukhetho, ndikhetha ukunika iGoogle kunorhulumente waseTshayina.

    Phendula umsebenzisi12
  3.   UAlex Borrell sitsho
    yenzayo 1 ngonyaka

    Akukho ndaba malunga nesifundo esikhankanyiweyo, kubonakala ngathi sipolarized kakhulu kwiimeko zangoku. Inyani, akukho 100% i-smartphone ekhuselekileyo.

    Phendula ku-Alex Borrell