arisuchan    [ tech / cult / art ]   [ λ / Δ ]   [ psy ]   [ ru ]   [ random ]   [ meta ]   [ all ]    info / stickers     temporarily disabledtemporarily disabled

/cyb/ - cyberpunk and cybersecurity

low life. high tech. anonymity. privacy. security.
Name
Email
Subject
Comment

formatting options

File
Password (For file deletion.)

Help me fix this shit. https://legacy.arisuchan.jp/q/res/2703.html#2703

Kalyx ######


File: 1496454464247.jpg (686.59 KB, 1200x2000, 1480759983816.jpg)

 No.508

Any ideas how Android/iOS devices could be infected? Is the only way to do that is the app store?

 No.510

Physically get your hands on some phones and infect some executables to start it off, then it can spread.

 No.513

They often have plenty of exploits or backdoors, I believe both had plenty of stuff about them in the NSA leaks. Even worse, most Android phones run horribly outdated software (just look at the market share of old versions), because manufacturers simply refuse to update and tend to lock their phones down. The infection factors are probably the same as with regular desktop/laptop computers, though with phones there's also an increased risk of hardware backdoors if you're concerned with the government coming in.

 No.691

An Android phone comes with Google closed-source software operating on top of open-source Android. The same way that Chrome is Google's closed-source software on top of open-source Chromium.

So, in a way, all stock android devices are effectively compromised.
NSA > Shadow Brokers > Your Phone


>>513
>horribly outdated software
This is the more obvious problem. Carriers can't be bothered to pay the cost for supporting failed updates, so they don't update. Many phones actually CAN'T run recent Android versions, as the hardware won't support it.

 No.712

>>508
Look in the metasploit framework and there are plenty of attacks against android processes that allow a shell to spawn remotely. I used a attack on my samsung smart TV and was able to mess around with it pretty easily. Have to thank the NSA for supplying their tools :)

 No.714

As users already pointed out, Android phones have a broad attack surface.
It's highly likely that a random phone can be compromised by a publicly available exploit. All this without the intervention of the user.
Since they run Linux at the kernel, and they probably run some old version, then recent kernel exploits are likely to work.
If you want to compromise an android phone, you can probably even do it remotely in several ways. AP or packet spoofing may provide good attack vectors.

 No.715

>>508
Regarding iOS, the only vectors are a direct install of a app from a user or safari attacks. iOS is hard to target but android runs linux at its core.

 No.716

>>715
As much as iOS has it's issues; you don't see the US Federal Government /Department of Justice suing Google or paying USD$1mil when they realise they're gonna lose to break into an Android phone…

I'm too drunk too contribute anything other than sass at the moment, but this thread seems to be heading in the right direction.



[Return] [Go to top] [ Catalog ] [Post a Reply]
Delete Post [ ]