• jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    11 months ago

    When we’re talking about devices that aren’t getting security updates anyway, you shouldn’t be using them for anything sensitive, even with direct lineage OS builds. Without baseband hardware driver updates, you’re an extreme risk for a drive by exploit.

    From my threat model perspective, lineage OS makes a vulnerable device useful, but not for anything sensitive.

    A game phone, a VPN phone, a webcam, a sync thing endpoint, a crypto miner, a kid’s phone, lots of uses. But not banking, not passwords.

    If the build isn’t coming from lineage os, I question why not? It just takes one maintainer to keep the build going. At best you’re going to get a point in time build, you’re not going to keep getting operating system.