Hello Community

As it is my first post, I briefly introduce myself: I am an engineer in critical embedded system development. Not a specialist in Android, nor in IT technologies, but I know how to root/flash a phone given the right exploit, and I prefer using a CLI for work, and a mouse for leisure ;). The topic I open to your gentle attention has been crossposted on various forums. I hope to get the most precise indications possible. Here it is:

A friend of mine with an Android device has been hacked "by a phone call", as he said. The phone number of the believed "attacker" does not exist anymore and seems to have existed only a few hours. This raised some questions about what I believed. Can some of you tell me what you think about the questions below? If you have some pointers to help me learn more about these topics, I would appreciate it. If I missed topics on the xda forum regarding these questions, please forgive me, and point me to the topic I missed.

1st - Has he really been hacked by a phone call? In my understanding, as long as you don't activate 3G/4G, your Android is just a phone, and thus can just handle duplex audio data. What about exploits targeting the phone application that, with just GSM protocol or payload corruption, can hack your phone? I thought this fairly improbable. Now if 3G/4G is activated, the phone is just a machine on the network, with some ports open, so it is vulnerable. What about an exploit that could run over 3G if you accept a call? Can a vulnerable phone apk enable a hacking of the phone receiving a phone call?

2nd - How did the attacker procure a phone number without giving his ID papers in France? Buying a SIM card normally requires a valid ID paper like a passport. Is it always the case? Is it possible to have a mobile phone number without buying a SIM card?

3rd - Given the recent information I googled on the internet, I guess he has been hacked by Stagefright. He remembers the call, but not the Stagefright attack (which can remain totally undetected in some situations).
As he rooted his device, I would advise him to reset the device to factory. As a paranoid, I would say this is insufficient: if his phone is compromised, the attacker could have compromised his recovery too. So I would rather tell him: flash the bootloader if possible, and flash a stock ROM, then boot into recovery. And after, run an apk to test if it is vulnerable to Stagefright and a patch to correct it.


Thank you for any information about these questions.

Best regards

Cedric

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.
Visit this group at http://groups.google.com/group/android-security-discuss.