Discussion:
[android-security-discuss] Hacked by a phone call mythbust
cgava mah
2015-12-02 23:16:35 UTC
Hello Community

As it is my first post I briefly introduce myself: I'm an engineer in critical
embedded system dev. Not a specialist in Android, nor IT technologies, but I
know how to root/flash a phone given the right exploit, and prefer using a
CLI for work, and a mouse for leisure ;). The topic I open to your gentle
attention has been crossposted on various forums. I hope to get the most
precise indications possible. Here it is:

A friend of mine with an Android device has been hacked "by a phone call",
as he said. The phone number of the believed "attacker" does not exist
anymore and seemed to have existed only a few hours. This raised some
questions about what I believed. Can some of you tell me what you think
about the questions below? If you have some pointers to help me know more
about these topics, I would appreciate it. If I missed topics on the xda forum
regarding these questions, please forgive me, and point me to the topic I
missed.

1st - Has he really been hacked by a phone call? In my understanding, as
long as you don't activate 3G/4G, your Android is just a phone, and thus
can just handle duplex audio data. What about exploits targeting the phone
application that, with just GSM protocol or payload corruption, can hack
your phone? I thought this fairly improbable. Now if 3G/4G is activated, the
phone is just a machine on the network, with some ports open, so it is
vulnerable. What about exploits that could run over 3G if you accept a call?
Can a vulnerable phone apk enable a hacking of the phone receiving a
phone call?

2nd - How did the attacker procure a phone number without giving their ID
papers in France? Buying a SIM card normally requires a valid ID paper like
a passport. Is it always the case? Is it possible to have a mobile phone
number without buying a SIM card?

3rd - Given the recent information I googled on the internet, I guess he has
been hacked by Stagefright. He remembers the call, but not the Stagefright
attack (which can remain totally undetected in some situations).
As he rooted his device, I would advise him to reset the device to factory. Being
paranoid, I would say this is insufficient: if his phone is compromised,
the attacker could have compromised his recovery too. So I would rather tell
him: flash the bootloader if possible, and flash a stock ROM, then boot into
recovery. And after, run an apk to test if vulnerable to Stagefright and a
patch to correct it.


Thank you for any information about these questions

Best regards

Cedric
--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+***@googlegroups.com.
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
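The "3rd" point above ends with checking whether the device is still on a vulnerable build before trusting it again. A defender-side way to make that check repeatable is to read the build properties the device reports and compare the security patch level against a minimum date you choose. The script below is an added example, not code from the post or from the Android project: it parses the `[key]: [value]` output format of `adb shell getprop` from a constructed sample (no real device capture), and the minimum patch date is an operator-supplied assumption, not a value taken from the thread. Older builds may not set `ro.build.version.security_patch` at all; the script treats that as "unknown, assume unpatched" rather than as safe.

```python
"""Triage helper: summarise an Android device's build/patch state from getprop output.

Added example, not from the original post. It assumes the standard getprop
line format "[key]: [value]" and that the caller supplies the minimum
acceptable security patch date (an operator assumption, not a value from
the thread). Samples below are constructed, not captured from a real phone.
"""
import re
from datetime import date

# One getprop line looks like: [ro.build.version.release]: [5.1.1]
GETPROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>[^\]]*)\]$")

# Constructed sample: a build that reports a security patch level.
SAMPLE_PATCHED = """\
[ro.build.version.release]: [5.1.1]
[ro.build.version.security_patch]: [2015-10-01]
[ro.build.fingerprint]: [examplebrand/exampleprod/exampledev:5.1.1/EXAMPLE/1:user/release-keys]
[ro.debuggable]: [0]
"""

# Constructed sample: an older build that never sets the patch-level property.
SAMPLE_NO_PATCH_PROP = """\
[ro.build.version.release]: [4.4.4]
[ro.build.fingerprint]: [examplebrand/exampleprod/exampledev:4.4.4/EXAMPLE/1:user/release-keys]
[ro.debuggable]: [0]
"""


def parse_getprop(text):
    """Return a dict of property name -> value; lines that do not match are ignored."""
    props = {}
    for line in text.splitlines():
        m = GETPROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def patch_level(props):
    """Return the security patch level as a date, or None if absent/unparseable."""
    value = props.get("ro.build.version.security_patch", "")
    try:
        return date.fromisoformat(value)
    except ValueError:
        return None


def triage(props, minimum_patch_iso):
    """Summarise the device state against an operator-chosen minimum patch date.

    An unknown patch level is reported as needing an update: absence of the
    property is not evidence that the build is patched.
    """
    minimum = date.fromisoformat(minimum_patch_iso)
    level = patch_level(props)
    return {
        "release": props.get("ro.build.version.release", "unknown"),
        "fingerprint": props.get("ro.build.fingerprint", "unknown"),
        "security_patch": level.isoformat() if level else None,
        "patch_level_known": level is not None,
        "patched_to_minimum": level is not None and level >= minimum,
        "needs_update": level is None or level < minimum,
    }


if __name__ == "__main__":
    # Stand-alone run over both constructed samples; on a real device you would
    # feed in the text of `adb shell getprop` instead.
    for name, sample in (("patched", SAMPLE_PATCHED), ("no_patch_prop", SAMPLE_NO_PATCH_PROP)):
        print(name, triage(parse_getprop(sample), "2015-10-01"))
```

The only decision the script makes on its own is the conservative one: a missing or malformed patch-level property counts as "needs update". Whether a given date is a sufficient minimum is for the operator to decide from the vendor's bulletins, which is why it is a parameter rather than a constant.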
Kristopher Micinski
2015-12-03 05:26:46 UTC
Assuming the device was only functioning as a phone and he received
only a call it's unlikely that was used as an attack vector. The
phone's baseband processor handles traditional calls made via cell and
is interfaced via RIL.

Kris
Cedric Gava
2015-12-03 08:08:19 UTC
Hello Kris, and fellows

Thank you for your precise answer.
So my first myth is definitely busted: an attacker cannot hack your phone just by a phone call if 3G/4G is disabled.

Now what happens if 3G/4G is enabled? If the victim receives a call, can this call be part of an attack? I don't know the protocol layer for GPRS. Can an attacker guess your IP knowing your phone number?
On a post on xda-dev (http://forum.xda-developers.com/android/help/hacked-phone-call-mythbust-t3262069) I was told that people in Switzerland were hacked by a phone call (with 3G enabled).

Cedric