Cybersecurity

5677 readers

114 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

NSA Warns iPhone And Android Users To Turn It Off And On Again (www.forbes.com)

submitted 5 months ago by Renn@sh.itjust.works to c/cybersecurity@sh.itjust.works

42 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] CameronDev@programming.dev 4 points 5 months ago (1 children)

Only exploits that require human intervention would be defeated by this though. If you have a zero touch exploit that can privesc, the persistance doesnt need to be anything special, you can just wrap your exploit in an ordinary android app and request it be woken up on next boot.

[–] jet@hackertalks.com 4 points 5 months ago (1 children)

Not necessarily true. It could be a buffer overflow in text message processing, it's still requires a text message to be sent to the phone.

It could be a Wi-Fi or Bluetooth exploit, which requires locality.

It could be a browser, webview, certificate exploit that requires a sophisticated chain of events with a low probability to intercept a web page and get the user to do something that isn't guaranteed.

The exploit might display itself to a user on the phone, so every time it's applied there's a risk of discovery.

Not to mention many advanced persistent threats do not want their exploits to be analyzed, so they will not leave them sitting around to be collected, just waiting for the device to need a reinfection. That's valuable signals capability that you give to your adversary they just need to analyze it.

[–] CameronDev@programming.dev 3 points 5 months ago (1 children)

Those all are things that require external human intervention though?

If the malware is persistent, then one way or another it needs to leave an exploit on the device, it can either be a persistance exploit, or a privesc exploit.

[–] jet@hackertalks.com 3 points 5 months ago (1 children)

Right so the issue here is we are saying for the class of malware that is not persistent restarting the device will take it out of memory. Which is a strict positive

[–] CameronDev@programming.dev 2 points 5 months ago (1 children)

Yup. Although i'm not sure there are many (any?) malwares that don't have some form of persistence. Exploits requiring human intervention are usually just the first stage, and persistance is the second.

I dont know of any APTs that are purely memory only, but if you know of one please link so I can read up on it.

[–] jet@hackertalks.com 2 points 5 months ago (1 children)

https://www.youtube.com/watch?v=1f6YyH62jFE

[–] PipedLinkBot@feddit.rocks 1 points 5 months ago

Here is an alternative Piped link(s):

https://www.piped.video/watch?v=1f6YyH62jFE

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.