This isn't so much security research as it is marketing for the company's mobile endpoint security tool.
Their stats on the surface are interesting. According to the data collected by Zimperium:
According to our data, the exposure factor of rooted devices versus stock devices varies from 3x to ~3000x, which suggests that rooted devices are potentially much more vulnerable to threats than stock devices.
But then the paper doesn't even speculate as to why that might be. The rest of the report is basically a sales pitch for their security software. Rooting is bad and you need to keep these devices off your corporate networks (by buying our software) is the only message they're sending.
Off the top of my head, here are some hypotheses for the correlation, each of which has different implications for how to best mitigate the risks:
rooted devices are more likely to produce false-positive security alerts in the endpoint detection software
rooting tools themselves are used as an initial loader in infection chains
users of rooted devices are more technical and therefore more likely to install more apps overall, increasing attack surface area
users of rooted devices are more technical and therefore more likely to engage in risky software installation (sideloading untrusted software)
rooted devices contain more vulnerabilities
stock OS security is good at stopping malware from misbehaving, rooting removes those mitigations
The implication of the paper seems to be that (5) or (6) is the case: "rooted devices are potentially much more vulnerable to threats than stock devices." If the cause is (3) or (4) on the other hand, then there's not much that can be done outside of user education, since these users are inherently more likely to increase the attack surface of their devices whether the device is rooted or not.
(1) or (2) however would imply that the whole research is bogus, as in the case of (1) the data would be completely unreliable and in the case of (2) the causation is actually the reverse of what the paper implies, which is to say that malware causes rooting of the device, not the other way around.
Interestingly then, the paper includes this illustration:
Figure 4 illustrates this idea, showing a case of a rooted device that ended with a full compromise after sideloading malicious applications.
The infection with malware occurs 10 seconds after the installation of Magisk, the tool used to get root access to the device. It should be obvious to anyone that this was not a coincidental infection caused by the user rooting their device, but actually the malware was using the rooting tool as the first step in compromising the device. So in this case, malware caused rooting of the device, not the reverse.
The linked Hackread article essentially just regurgitates the points from the Zimperium report without any critical analysis of why or how rooted devices pose a threat. For users of rooted devices it would be helpful to know whether they are actually at more risk, and why, so that they can mitigate the risks. But this article is not about security research, it's just a sales pitch.
It was a while ago that I compared them so this may have changed, but one of the main differences that I saw was that borg had to backup over ssh, while restic had a storage backend for many different storage methods and APIs.
I'm claiming that the article is wrong and you're quoting the article at me? Yes I know what the article says because I read it, and then researched the vulnerability.
Which is by github user dirk1983, and if you read (translate) the readme, you will see that it's a ChatGPT front-end written by this user, not anything officially released by OpenAI.
The confusion comes from the fact that his repository (this front-end with the vulnerability) is just called "ChatGPT", and neither the journalist nor you did this basic search to find that out.
AFAICT this is not the OpenAI web interface, it's just a third-party web interface for ChatGPT that calls the OpenAI API and the author of this web interface called it just "ChatGPT".
Presumably the author of this article is incapable of actually doing the 2 minutes of research necessary to identify that this is not an official ChatGPT codebase that contains the vulnerability.
I've been using it for just over 6 months and it's perfectly fine as a desktop distribution. I'm enjoying that it's based on Debian Sid and I get a more up to date GNOME release than I would have with Ubuntu or Debian. The update process is a bit slow but you can just leave it downloading in the background and then reboot when it's ready. If you know that you want an immutable desktop distro based on Debian then I would definitely recommend it.
If you're using it for development then it's a bit more complicated as you'll need to get used to working in a distrobox container and understanding when it can and can't access the host system or communicate with programs running on the host system.
If you have the time and basic understanding to be able to switch your dev workflow to run inside a container, or if your dev environment never needs to interact with the base system that you're running it on, then it's perfectly usable for dev work - just a bit of a learning curve.
The original report: https://www.zimperium.com/blog/catch-me-if-you-can-rooting-tools-vs-the-mobile-security-industry/
This isn't so much security research as it is marketing for the company's mobile endpoint security tool.
Their stats on the surface are interesting. According to the data collected by Zimperium:
But then the paper doesn't even speculate as to why that might be. The rest of the report is basically a sales pitch for their security software. Rooting is bad and you need to keep these devices off your corporate networks (by buying our software) is the only message they're sending.
Off the top of my head, here are some hypotheses for the correlation, each of which has different implications for how to best mitigate the risks:
The implication of the paper seems to be that (5) or (6) is the case: "rooted devices are potentially much more vulnerable to threats than stock devices." If the cause is (3) or (4) on the other hand, then there's not much that can be done outside of user education, since these users are inherently more likely to increase the attack surface of their devices whether the device is rooted or not.
(1) or (2) however would imply that the whole research is bogus, as in the case of (1) the data would be completely unreliable and in the case of (2) the causation is actually the reverse of what the paper implies, which is to say that malware causes rooting of the device, not the other way around.
Interestingly then, the paper includes this illustration:
The infection with malware occurs 10 seconds after the installation of Magisk, the tool used to get root access to the device. It should be obvious to anyone that this was not a coincidental infection caused by the user rooting their device, but actually the malware was using the rooting tool as the first step in compromising the device. So in this case, malware caused rooting of the device, not the reverse.
The linked Hackread article essentially just regurgitates the points from the Zimperium report without any critical analysis of why or how rooted devices pose a threat. For users of rooted devices it would be helpful to know whether they are actually at more risk, and why, so that they can mitigate the risks. But this article is not about security research, it's just a sales pitch.