13 | 10 years ago

It's likely too late for panic, everyone is probably owned already. It has the best infection vector ever, unauthenticated, unsolicited messaging with an easily discoverable addressing method. What more could a worm want?

cpncrunch|10 years ago

>It's likely too late for panic, everyone is probably owned already

That seems unlikely given that the researcher hasn't publicly released the details of the hack, and he says that "he does not believe that hackers out in the wild are exploiting it".

chronic40|10 years ago

There are tens of thousands of extremely skilled hackers selling exploits on the order of $10K to $100K. I'm fairly certain someone has been exploiting it. Not everyone is a good guy in the world.

ksenzee|10 years ago

Wouldn't you know if you'd received a sketchy MMS from a number you didn't recognize?

kenbellows|10 years ago

The most standout part of this attack (to me) is that it can be 100% silent. The fact that the bug hits before the text notification is fired means that an exploit could potentially stop the notification, delete the message, and go on tramping throughout your phone doing whatever it wants, leaving absolutely no indication to you, the user, that you've been hacked.

ChrisAntaki|10 years ago

Not if the attacker deletes the message post-pwnage.

lvs|10 years ago

Proper pwnage would erase the MMS as soon as the exploit was complete. The only record of receipt would be on your itemized carrier bill.

mjard|10 years ago

Even worse, if it's a worm, it's likely it would come from somebody you know.

stephengillie|10 years ago

Is there a way to see if one is "owned"? Could we run a command or view a menu that would list an extra binary? Could we try to exploit ourselves in some way, like visiting a special website?

superuser2|10 years ago

We know about the vulnerability, not the payload delivered through it. There could be thousands of them with wildly varying characteristics. There could be none.

Some of them could be rootkits, and have patched filesystem and process explorers to hide themselves. Some could be called virus.exe.

But no, you will never know that you haven't been compromised. In the coming weeks, we may learn about some of the specific malware that spreads this way, and you may be able to test your phone for it, but finding nothing does not mean you haven't been owned by something more exotic.

ams6110|10 years ago

I occasionally get picture or video messages from iPhones on my Android phone which just crash the default Messaging app. When this happens, it's not possible to even delete them as the app crashes immediately upon displaying that message. The only recovery I've found is to delete ALL messages. Interestingly this has never occurred when using Hangouts as the messaging app, but the fact that a presumably legit (these were received from known senders) MMS message could crash the app indicates that there are flaws in the programming.

clearf|10 years ago

Independent of the question if "everyone" is owned is the interesting (and scary) possibility that specific people have been (or will be) targeted.

jfoster|10 years ago

There would be a lot of side-effects being noticed if it were being exploited as widely as you suggest. For example, carriers would notice lots of unusual activity; MMS step-change at a minimum.

Oletros|10 years ago

Why infected? Is there any indication that the exploit can give root access and be used to install things?