I wouldn't name this a bug. This is a sign that whoever wrote that code has zero security awareness.
When security researchers start looking into a product they expect a little bit of security measures. It might be incorrectly done, it might be worked around, but in this case there was no effort at all. They didn't even try to secure the code.
Now maybe that debug daemon was not supposed to be running on the production firmware, but it still shows how serious they are about security.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Re: Minor typo
Date: 2019-04-01 05:19 pm (UTC)When security researchers start looking into a product they expect a little bit of security measures. It might be incorrectly done, it might be worked around, but in this case there was no effort at all. They didn't even try to secure the code.
Now maybe that debug daemon was not supposed to be running on the production firmware, but it still shows how serious they are about security.