[liberationtech] Foxacid payload
- To: liberationtech <[email protected]>
- Subject: [liberationtech] Foxacid payload
- From: [email protected] (coderman)
- Date: Thu, 17 Jul 2014 13:51:25 -0700
On Thu, Jul 17, 2014 at 1:11 PM, coderman <[email protected]> wrote:
> ...
> - if you want to thwart FOXACID type attacks there are ways to do it
> without knowing specific payloads. (architectural and broad
> techniques, not fingerprints on binaries or call graphs)
some specific examples:

A: exploit reuse to arbitrary execution, persist via pivot
D: run vulnerable app in throwaway Qubes VM, log traffic for
inspection through gateway VM. exploit unable to persist, exploit
vector captured.

A: android intent misuse to elevate privs, then exfiltrate data.
D: "root" your device to restrict intent use and network communication
by application, preventing vulnerable app from being usefully
exploitable.

A: baseband exploit to device crypto key retrieval used
D: apply software defined radio to confirm compromise at baseband
level via suspect emissions, use SDR instead of proprietary radios to
communicate.
(you can't mitigate against a compromised baseband, in most cases.)

"convenience is the cost of privacy" - who said this? very true in
this instance.