I found out that my mom is using an older phone that serves her just fine, but last received updates in 2021.
Realistically, how dangerous is this? What are the scenarios that could potentially happen with a phone that out of date?
She may be open to something like LineageOS, but I don’t want to make her phone less familiar for her, which would be harder to use. She is not very techy but also not fearful of a little tinkering. I don’t live near her so she will not have anyone knowledgeable to troubleshoot if the need arises.
I’m not an infosec person at ALL so I genuinely don’t know what she is exposed to.
Let me know if I should post this in another community instead.
It comes down to threat model. Random malware will be stopped more often by a newer build of LineageOS that has updated platform security patches. An unlocked bootloader is usually a concern only if a hacker gets physical access to your device and modifies the system partition. If an attacker has a remote exploit that can root your phone, you’re screwed either way.
The link I posted, at the 10-minute mark, explains the dangers of an unlocked bootloader. It’s an interview with one of the devs of GrapheneOS who know far more than either of us.
Maybe I’ll take a look later, but as far as I know, there hasn’t been any malware found in the wild that 1) can be done remotely and 2) is stopped by a locked bootloader. Even if there is, is that riskier than running a few YEARS of security patches out of date?