Comment on Hackers can steal 2FA codes and private messages from Android phones
tidderuuf@lemmy.world 2 months ago
requires a victim to first install a malicious app
Let me stop you right there… and leave.
Comment on Hackers can steal 2FA codes and private messages from Android phones
tidderuuf@lemmy.world 2 months ago
requires a victim to first install a malicious app
Let me stop you right there… and leave.
NaibofTabr@infosec.pub 2 months ago
Normally I would agree with this perspective, but in this case the “malicious app” is just a demo. It requires no permissions to do the malicious behavior, which means that the relevant code could be included in any app and wouldn’t trigger a user approval, a permissions request or a security alert. This could be hiding in anything that you install.
krooklochurm@lemmy.ca 2 months ago
Man in the middle an app download or find some kind of exploit to inject the code from a website, ta da.
I mean, obviously there’s more to it than this but.
NaibofTabr@infosec.pub 2 months ago
Hmm, yes that can happen, but can it happen if you’re downloading directly from the Play store?
krooklochurm@lemmy.ca 2 months ago
There are reports all the time of play store apps containing malware.
reksas@sopuli.xyz 2 months ago
first you download something and it has nothing malicious, then you update it later and then it has something.
NihilsineNefas@slrpnk.net 2 months ago
So they’re using the same programs that the three letter agencies of the world have been using to crack phones since before touchscreens existed?
NaibofTabr@infosec.pub 2 months ago
This article doesn’t really address that. I don’t think there’s any indication that this particular vulnerability is related to nation-state hacking.
FreedomAdvocate@lemmy.net.au 2 months ago
So it could be hiding in, what would you call them…….malicious apps?
The relevant code isn’t going to be in a non malicious app.
ReginaPhalange@lemmy.world 2 months ago
Listen Mr Zuckerberg, we can improve our ad revenue immensely if we can do this one little trick to Facebook’s code…
NaibofTabr@infosec.pub 2 months ago
Um, ok, and how would you know the difference?
FreedomAdvocate@lemmy.net.au 2 months ago
Because if it’s doing this it’s a malicious app….
Google also said they’ve found zero apps doing this.