Cybersecurity professional with an interest/background in networking. Beginning to delve into binary exploitation and reverse engineering.

  • 0 Posts
  • 76 Comments
Joined 7 months ago
cake
Cake day: March 27th, 2024

help-circle

















  • For what it’s worth, both Android and iOS are vulnerable to zero click RCEs, see NSO Group and their Pegasus spyware.

    One of the reasons we don’t really have zombie phones in botnet swarms is because selling the RCE on the grey market is way more lucrative than burning it to infect some devices for a botnet since phones are way more attractive targets than computers if you’re actively targeting an individual.

    A fully compromised smartphone is will give access to practically all of a target’s communications: their phone calls, SMS messages, encrypted text messaging (Signal/WhatsApp/iMessages) and probably their email as well. You will also gain access to a good portion of their web browsing, and their is a very good chance you will gain access to their 2FA as well (Authenticator application or SMS) allowing you to further easily compromise any of their online accounts. Plus, you gain access to any files on their phone (which are often very good kompromat if your goal is to blackmail), their live location and the ability to spy on them covertly through the camera and the microphone.

    Compare that to a laptop. You gain access to some of their web browsing, some files (often only professional in nature), and maybe access their camera and microphone some of the time, since the laptop isn’t always on and beside you.