Assuming the device was only functioning as a phone and he received
only a call, it's unlikely that was used as an attack vector. The
phone's baseband processor handles traditional calls made via cell and
is interfaced via RIL.

Kris

On Wed, Dec 2, 2015 at 6:16 PM, cgava mah wrote:
Hello Community

As this is my first post, I will briefly introduce myself: I am an engineer in critical
embedded system dev. Not a specialist in Android, nor IT technologies, but I
know how to root/flash a phone given the right exploit, and prefer using a CLI
for work, and a mouse for leisure ;). The topic I open to your gentle
attention has been crossposted on various forums. I hope to get the most
precise indications possible. Here it is:

A friend of mine with an Android device has been hacked "by a phone call",
as he said. The phone number of the believed "attacker" does not exist
anymore and seemed to have existed only a few hours. This raised some
questions about what I believed. Can some of you tell me what you think
about the questions below? If you have some pointers to help me know more
about these topics, I would appreciate it. If I missed topics on the xda forum
regarding these questions, please forgive me, and point me to the topic I
missed.

1st - Has he really been hacked by a phone call? In my understanding, as
long as you don't activate 3G/4G, your Android is just a phone, and thus can
just handle duplex audio data. What about an exploit targeting the phone
application that, with just the GSM protocol or payload corruption, can hack
your phone? I thought this fairly improbable. Now if 3G/4G is activated, his
phone is just a machine on the network, with some ports open, so he is
vulnerable. What about an exploit that could run over 3G if you accept a call?
Can a vulnerable phone apk enable hacking of the phone receiving a phone
call?

2nd - How did the attacker procure a phone number without giving his ID
papers in France? Buying a SIM card normally requires a valid ID paper like a
passport. Is it always the case? Is it possible to have a mobile phone
number without buying a SIM card?

3rd - Given the recent information I googled on the internet, I guess he has
been hacked by Stagefright. He remembers the call, but not the Stagefright
attack (which can remain totally undetected in some situations).
As he rooted his device, I would advise him to reset the device to factory settings. As a
paranoid, I would say this is insufficient: if his phone is compromised,
the attacker could have compromised his recovery too. So I would rather tell
him: flash the bootloader if possible, and flash a stock ROM, then boot into
recovery. And after, run an apk to test if vulnerable to Stagefright and a
patch to correct.


Thank you for any information about these questions

Best regards

Cedric

--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to android-security-discuss+unsubscribe@googlegroups.com.
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.

Discussion Overview
group: android-security-discuss
categories: android
posted: Dec 2, '15 at 11:16p
active: Dec 3, '15 at 8:08a
posts: 3
users: 2
website: android.com