android exploit attached to bad html file (a lot like the myspace hacking)...so what's new... same methods, and same bs... i just don't see any usefulness to what could be done anytime, and if you were silly enough to accept ANY files direct dl at ANY **COn, expect it :P~ but the method, is pathetically old, and, hiding behind some lame android-root, as most of these ppl do... when i see them lever, linux, with NO html, i'll maybe like them a bit :P~~
have a nice defbomb ... hehe meh.. so what's new... hijacking a phone botnet would be fun but, i don't see why would bother scanning for them.. when, i have and, they're pretty useless... well, maybe for android freaks...and, this is simply a root exploit or, exploit being levered, thru an LD

On 10 August 2011 19:21, coderman <[email protected]> wrote:
> while most were enjoying libations or talks a very interesting event
> was taking place at the conference.
>
> we're all familiar with the hostility of WiFi and GSM networks at DEF
> CON, however, this year the most hostile network on earth was not
> 802.11; it was CDMA and 4G!
>
> on Friday some parts of Anon and Lulz made appearance. by early
> Saturday morning a weapon was deployed.
>
> some characteristics:
>
> - full active MitM against CDMA and 4G connections from Rio to carriers.
>
> - MitM positioning for remote exploitation to ring0 on Android and PC.
>
> - fall back to userspace only or non-persistent methods when
> persistent rootkit unattainable.
>
> - many attack trees and weaponized exploits. escalation from easy pwns
> up to specialized techniques and tactics until success is achieved.
>
> - simultaneous attack across CDMA and 4G connections using full power
> in these LICENSED bands.
>
> - operated continuously (except for outages :) from early Saturday
> until 8am Monday.
>
> - designed with intent: mass exploitation, reconnaissance,
> exfiltration, eavesdropping.
>
> how to tell if you met the beast at Rio:
>
> - did you accept an upgrade for Android, Java, or other applications? (oops)
>
> - did you notice 3G/4G signal anomalies, including full signal yet
> poor bandwidth or no link?
>
> - did you notice your Android at full charged plugged in, but dropping
> to <50% charge once unplugged?
>
> - did you notice 4G download speeds at quarter of usual, yet uploads
> over twice as fast?
>
> - did you notice Android services that immediately respawn when
> killed? (Voice Search?)
>
> - does your Android no longer connect to USB debugging yet adbd is alive?
>
> - does your PC have an sshd that cannot be kill -9'd?
>
> - did your Android crash - a hard freeze, and then take a long time to
> reboot?
>
> ...many other indicators, but for now that's sufficient to express the
> point.
>
> if you met the beast, it seemed to have a nearly perfect success rate;
> your odds not good. in fact you probably didn't even notice as it
> pilfered bytes off your devices and monitored your conversations.
>
> i have waited over six DEF CONs to meet an adversary of this skill.
> i was not disappointed.
>
> did the talks suck this year because the good stuff is under NDA?
> clearly a lot of you are selling out...
>
> to those who got pwned, i would be interested in your experiences and
> binaries:
> ID 9B65F087 , FP = 1029 E3E0 F22A C73D B2D6 468F 2798 76BB 9B65 F087
> gpg --keyserver pool.sks-keyservers.net --recv-keys 9B65F087
> gpg --keyserver subkeys.pgp.net --recv-keys 9B65F087
> gpg --keyserver pgp.mit.edu --recv-keys 9B65F087
>
> to the beast operators, i hope to see you next year!
> (and get your availability deficiencies and network anomalies worked
> out. kind of a shame you spent so much time and money only to have
> your kit fall over again and again. and thanks for the 0days :)
>
> until next year,...
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
