• CameronDev@programming.dev
    link
    fedilink
    English
    arrow-up
    4
    ·
    5 months ago

    Only exploits that require human intervention would be defeated by this though. If you have a zero touch exploit that can privesc, the persistance doesnt need to be anything special, you can just wrap your exploit in an ordinary android app and request it be woken up on next boot.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      5 months ago

      Not necessarily true. It could be a buffer overflow in text message processing, it’s still requires a text message to be sent to the phone.

      It could be a Wi-Fi or Bluetooth exploit, which requires locality.

      It could be a browser, webview, certificate exploit that requires a sophisticated chain of events with a low probability to intercept a web page and get the user to do something that isn’t guaranteed.

      The exploit might display itself to a user on the phone, so every time it’s applied there’s a risk of discovery.

      Not to mention many advanced persistent threats do not want their exploits to be analyzed, so they will not leave them sitting around to be collected, just waiting for the device to need a reinfection. That’s valuable signals capability that you give to your adversary they just need to analyze it.

      • CameronDev@programming.dev
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 months ago

        Those all are things that require external human intervention though?

        If the malware is persistent, then one way or another it needs to leave an exploit on the device, it can either be a persistance exploit, or a privesc exploit.