The weaknesses reside in Stagefright, a media playback tool in Android. They are all “remote code execution” bugs, allowing malicious hackers to infiltrate devices and exfiltrate private data. All attackers would need to send out exploits would be mobile phone numbers, Drake noted. From there, they could send an exploit packaged in a Stagefright multimedia message (MMS), which would let them write code to the device and steal data from sections of the phone that can be reached with Stagefright’s permissions. That would allow for recording of audio and video, and snooping on photos stored in SD cards. Bluetooth would also be hackable via Stagefright.
Depending on the MMS application in use, the victim might never know they had even received a message. Drake found that when the exploit code was opened in Google Hangouts it would “trigger immediately before you even look at your phone… before you even get the notification”. It would be possible to delete the message before the user had been alerted too, making attacks completely silent, he added.
“I’ve done a lot of testing on an Ice Cream Sandwich Galaxy Nexus… where the default MMS is the messaging application Messenger. That one does not trigger automatically but if you look at the MMS, it triggers, you don’t have to try to play the media or anything, you just have to look at it,” Drake added.
a koga je to jos briga, `nece mene` je glavni moto, a kome bas smeta tu su uvek nokie iz 90-tih, pa neka ih akuju ako mogu :)... _____________________________ WAR IS PEACE FREEDOM IS SLAVERY IGNORANCE IS STRENGTH
reaver je dobio `nove` opcije. Penetration testeri pozabavite se, ho, ho, hooou :) _____________________________ WAR IS PEACE FREEDOM IS SLAVERY IGNORANCE IS STRENGTH
Broj postavljenih tema: 60366. Broj poslatih odgovora: 647106. Trenutno niste prijavljeni na PC Berzu i zbog toga imate status 'gosta'. Kao gost ne možete da šaljete poruke na Forum. Ako ste registrovani kao član PC Berze, prijavite se. Ako ste novi korisnik, molimo registrujte se da bi dobili mogućnost aktivnog učešća u radu Foruma.
