Israeli company's product can (allegedly) pwn any nearby mobile phone


So, Apple and Google each buy one, test it for a month, then patch all the bugs, right?


But that would be illegal under the DMCA.


“Additionally, blah blah blah blah”

But can it make a decent bowl of Matzo Ball Soup?


a) It wouldn’t have to be. They could just observe what it does.
b) Filing a DMCA suit over a machine that automates violating the CFAA against the manufacturers of the machines it pwns would take some chutzpah.


This is a war. Time to dig the trenches. We didn’t start it, it was forced upon us.

What about a multipronged approach? Passive, like honeypot apps on the phones (or even honeypot hardware that poses like a phone with vulnerabilities but logs all traffic, and is used in a suspicious way that attracts attention of the adversary)? Active, like counterattacks of both physical and cyber nature on whoever is likely to possess the technology in order to retrieve it (and its secrets) - remember the COINTELPRO? Legal, like filing FOIA requests and then divining answers from whatever we get back? Other?

The targets are big and few. Image of a deer being eaten alive by ants comes to mind…


Also, it may not be just wifi. There are vulnerabilities a-plenty in the baseband processor code. The code is closed-source, carefully guarded (we need those multiscale visualisation rapid reverse-engineering tools and we need them yesterday!), and usually poorly if ever audited. The processor in many phones shares address space with the main processor - so instant pwnage possible (see the iPhone unlocks that use this).


Taking up the martial theme, are there howtos online for new recruits with templates for choosing, unlocking and rooting a phone with a different OS?

Because I think the general computing era unix/gnulinux skill sets are tougher for new people to learn on our new smart phone appliance overlords.

Also STEM friends, there’s a social, Homebrew Computer Club vibe that needs to be recovered.

People sometimes want to be the genius mavericky IPO guy who no one really understood. That’s a way of interacting that is destructive to learning and groups.


That’s why you better start with a scrap computer or a raspberry pi. A phone is one’s production device, and better have something more screwup-friendly for first-time fooling around, where the worst thing to happen is a need to reimage the microSD card.

…and if you have nonzero people skills, a good thing to do is to adopt one or a few apprentices, teach them what you had to go through, and if possible be taught by a mentor who adopted you among his apprentices. Wouldn’t work for everybody but when it works it is great.


Also good advice. I think it’s a professional culture issue for STEM though … esp. coders and engineers. The Homebrew Computer types of relationships aren’t reproducing — just the proprietary types.


It’s the people-skills thing. If they were better in those, they would have less chance of ending up as engineers.

May get a bit better over time with the recent hackerspace/makerspace boom.

Already got quite better with the internet (and Usenet before) and the forums.

Not ideal, but what is. Ideal is the worst enemy of done.


Bullshit. Unless they’re buying up unpatched exploits, and even then, they would have to keep doing that for it to keep working.


I haven’t read up much since the initial announcement and there seem to be few solid details, so take this as pure speculation: the fact that this is wifi-only implies this doesn’t require any zero-day exploits, it’s applying standard wifi attacks at scale.

Most wifi-enabled devices are set to connect to known networks. Most people have, at some point, connected their device to an unsecured hotspot. By either broadcasting a bunch of very common SSIDs or responding to every incoming request with ‘sure, that network is me’ you could get a majority of devices to connect.

After that point the options are a bit more varied. Given their claims there’s a good chance they got dodgy certs for popular services from a certificate authority, which would be immediately revoked if discovered. Other than that they’re likely using MITM: maybe degrading the security for connections when they can, maybe impersonating entire services, and maybe just packet sniffing and picking out what they can. They’d be able to get a surprising amount from what devices voluntarily broadcast on public networks.

Bottom line, this probably isn’t new. But taking an existing attack and giving it a user-friendly interface and industrial scale can be just as scary.

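As an added illustration (not from the thread, the article, or the product in question), here is a small defensive heuristic in Python for the behaviour the post above speculates about: an access point that answers probe requests for many networks it never actually beacons. The summarised monitor-mode log format, the BSSIDs and the SSIDs are all constructed for the example.

```python
"""Flag access points that answer probe requests for SSIDs they never beacon.

A legitimate AP only replies 'that network is me' for the network(s) it
advertises; one that answers for CoffeeShopFree, attwifi, xfinitywifi and
HomeNet from a single BSSID is behaving like the rogue AP described above.
"""
from collections import defaultdict
import re

# Constructed sample: one summarised 802.11 management frame per line,
# in the form  <time> <frame_type> bssid=<mac> ssid=<name>
SAMPLE_LOG = """\
10:00:01 probe_resp bssid=aa:bb:cc:00:00:01 ssid=CoffeeShopFree
10:00:02 probe_resp bssid=aa:bb:cc:00:00:01 ssid=attwifi
10:00:02 probe_resp bssid=aa:bb:cc:00:00:01 ssid=xfinitywifi
10:00:03 probe_resp bssid=aa:bb:cc:00:00:01 ssid=HomeNet
10:00:03 beacon     bssid=aa:bb:cc:00:00:01 ssid=CoffeeShopFree
10:00:04 probe_resp bssid=11:22:33:44:55:66 ssid=LibraryGuest
10:00:05 beacon     bssid=11:22:33:44:55:66 ssid=LibraryGuest
10:00:06 probe_resp bssid=aa:bb:cc:00:00:01 ssid=Starbucks
"""

LINE_RE = re.compile(r"^(\S+)\s+(\w+)\s+bssid=(\S+)\s+ssid=(.*)$")


def parse(log):
    """Yield (frame_type, bssid, ssid) tuples, silently skipping malformed lines."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _, ftype, bssid, ssid = m.groups()
            yield ftype, bssid.lower(), ssid


def suspicious_bssids(log, max_ssids=2):
    """Return {bssid: sorted SSIDs answered but never beaconed} for every AP
    that answered probes for more than max_ssids distinct networks."""
    answered = defaultdict(set)    # bssid -> SSIDs it claimed in probe responses
    advertised = defaultdict(set)  # bssid -> SSIDs it actually beacons
    for ftype, bssid, ssid in parse(log):
        if ftype == "probe_resp":
            answered[bssid].add(ssid)
        elif ftype == "beacon":
            advertised[bssid].add(ssid)
    result = {}
    for bssid, ssids in answered.items():
        extra = ssids - advertised[bssid]
        if len(ssids) > max_ssids and extra:
            result[bssid] = sorted(extra)
    return result
```

Feeding a real capture in means writing a one-line summariser from your sniffer's output to the `<time> <type> bssid= ssid=` shape; the threshold `max_ssids` keeps a dual-band AP that beacons two names from being flagged.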

Unless they’ve figured out some way to generate 2FA keys, my email and Dropbox passwords aren’t going to do them much good.


Instead, they’ve openly marketed these [alleged] bugs to law enforcement firms

It is almost as if crooks are easier to scam than honest people.
